person using computer near green circuit board

Cyber risk in an Internet of Things world

World IoT Day

April 9, 2021 is World IoT Day. This special day on the calendar is an opportunity for everyone in the “Internet of Things” (IoT) community to recognize and celebrate how this technology is transforming our personal and professional lives.

Conceived by the IoT Council in 2010, World IoT Day has gathered much momentum in the past 11 years. The IoT Day website has emerged as a central resource for events and discussion around IoT issues, and is helping to champion the recognition and adoption of IoT technology. IoT SLAM is a conference that brings together presentations on emerging technology and trends, best practices, and industry-specific implementation cases in the IoT world. The virtual version of the conference is being held on April 9, but plans are in the works for an in-person conference in June 2021. The conferences are being held by the IoT Community, the world’s largest IoT user group, featuring over 24,000 industry executives and IoT practitioners.

IoT Defined

Simply put, IoT refers to objects and devices that are connected to the Internet. More and more, all kinds of “things” are being enabled with Internet connectivity and the ability to communicate with other devices and systems. Estimates of the number of IoT devices in the world vary wildly, but even the most conservative numbers suggest there will be 13.8 billion IoT devices globally in 2021 – and the end is nowhere in sight.

Why so many IoT devices?

Several factors have contributed to the massive increase in IoT devices in our lives.

Evolving Home Applications: Conventional items in our lives that have never had web connectivity are rapidly joining the IoT ranks. Look in and around your home: connected vehicles, thermostats, security systems, televisions are already commonplace. Internet-enabled refrigerators, toasters, vacuum cleaners, and more are gaining popularity. Add all of those items to our phones, tablets, computers, and e-books, and that’s a lot of devices. According to Statista, the average American home had 10 Internet-enabled devices in 2020. The numbers were similar in Canada and the U.K. – and are climbing annually.

Emerging Technology: New devices and applications are evolving every day. A few examples:

+   Healthcare IoT: Consider hospitals, where IoT devices in the form of health monitors, diagnostic devices, medical equipment, and mobile devices are being used by healthcare professionals to create faster, more efficient patient care. Healthcare has also seen improved patient outcomes from the use of patient wearables – and implants – that monitor vital signs and other measurements to supply medical practitioners with constant, reliable data.

+   Smart Buildings: Sensors embedded in “smart buildings” optimize environmental and logistical controls in office spaces, with the ability to monitor elevator traffic, floor capacity, ventilation, hygiene, temperature control, lighting and more. As we emerge from the pandemic, hospitality, retail, and office facilities will rely on IoT sensors to track occupancy rates to prevent over-crowding, optimize sanitation and hygiene controls, and make energy and HVAC systems as efficient as possible.

+   Smart Cities: Sensors are being used in traffic lights, traffic cameras, parking controls, street lighting, and on roadways to measure traffic and speeds. Pollution and emission levels can be tested by autonomous devices. Interactive information kiosks are being piloted in many centres in Canada and the United States.

+   Manufacturing and critical Infrastructure: This sector has seen accelerated adoption of IoT in industrial control systems and SCADA architectures. The use of IoT devices to collect, transmit, and react to huge quantities of data have transformed operations and introduced opportunities for efficiencies and data analytics in the Industry 4.0 era. And IoT devices are ideal for monitoring remote locations or taking readings in hazardous conditions.

The 5G factor: The continuing expansion of 5G networks is creating ever-widening opportunities for IoT applications. The low latency (i.e., super-fast responses) and high bandwidth (i.e., support for huge amounts of data) are enabling IoT applications that were only fantasy just a few years ago.

The COVID-19 factor: The new world created by the COVID-19 pandemic has accelerated innovation and development. The practical matter of operating with reduced, physically-distanced staff or managing systems with remote workers has created an environment in which industries are racing to introduce automation and efficiency. Cost reductions and other competitive advantages are all part of the bargain.

Risk vs. Reward

Of course, connecting any device to the outside world creates potential cyber risk. While you may not consider someone hacking into your toaster to be a significant security threat, the potential exists for sophisticated threat actors to use an innocuous compromised device as a foothold into other systems in the home. The more devices we connect to the Internet, the more opportunities we create for hackers to access our lives. Unsecured IoT devices can also be used to launch cyber attacks, with seemingly harmless endpoints controlled by threat actors coordinating denial-of-service campaigns or botnet attacks.

IoT cybersecurity must be approached with the same diligence as is observed with traditional computing equipment, be it in the home, office, or production environment. The “rush to market” by some developers has introduced devices with weak – or no – security. And the rush to install IoT solutions during the pandemic may have sidestepped some best practices in cybersecurity. While the promise of efficiencies, cost savings, and convenience is tantalizing, the risks introduced by ill-planned implementations may swamp any gains.

A prudent analysis of security considerations must be undertaken before deploying IoT devices. Some equipment is deceptively easy to install and use – but doing so can be a costly mistake. Some key tips:

+   Thoughtful inventories of connected devices must be maintained – you can quickly suffer “device sprawl” unless you keep careful track of the IoT fleet in your environment.

+   Default settings and out-of-the-box configurations must be changed, and strong passwords implemented.

+   Only minimal necessary access rights should be provided for IoT devices – nothing more. This can include creating specific firewall rules or creating dedicated or segmented IoT networks to limit access, and mitigate risk in case of compromise.

+   Consider maintenance plans or subscribe to vendor alerts on device patch announcements. Patches must be applied promptly to fix vulnerabilities and keep software and firmware up to date. Clear procedures on how to execute patch management in complex production environments must be defined.

+   Assess the availability of encrypted data transfer if appropriate for the devices.

+   Ensure there is sufficient physical security for the devices to prevent damage or tampering.

+   Log, monitor, and audit communications to identify potential threats such as unexpected or high-volume communications between devices.

+   Choose equipment from reputable vendors that demonstrate a commitment to security as well as innovation. Assess the security procedures, testing, and evaluation processes they follow. Are they using open-source software, third-party components, or unsupportable applications that could create compromise in your environment?

World IoT Day is an opportunity to recognize and celebrate the exciting possibilities and efficiencies that an inter-connected world can bring. But this innovation cannot come at the cost of security.

Interested in learning more about how to plan, assess, and secure your IoT environment? Contact ISA Cybersecurity to learn more. We deliver cybersecurity services and people you can trust.

NEWSLETTER

Get exclusively curated cyber insights and news in your inbox

Related Posts

Contact Us Today

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.