Mark Lanterman | January 6, 2017
The Internet of Things (IoT) refers to the growing network of interconnected devices that both collect and share digital information. These devices have infiltrated the market; appliances, cars, and medical equipment—not to mention ever-advancing computers and smart phones—all have abilities afforded by the Internet that did not previously exist. This article discusses the general nature of the IoT and what to consider when thinking about your own cyber-security posture.
The convenience offered by connectivity explains why so many of us love our "smart" devices. In many ways, our lives have improved as a result of the Internet. Think of the way we communicate with others in the office, the way children learn in school, or how people stay healthy, and it's easy to see why our society has become so reliant on the Internet.
Almost every aspect of our lives can now be recorded and tracked on digital devices. Using "cloud" technology, an expanding store of data is being created and accessed. Depending on the individual's commitment to using Apple products, many have purchased the most recent Apple Watch that can monitor health data, such as pulse and steps taken daily. Having such instant access to this knowledge has actually prompted many to adopt healthier lifestyles. At the very least, users have a better idea of their own levels of health even before walking into the doctor's office because of this type of data. Knowing how many steps are taken every day, or how few, has inspired some to get more fit. In this sense, digital devices have developed to the point where they can both influence and shape "real lives." Clearly, the features of the Apple Watch surpass any regular old watch. Sophisticated devices like this one have effectively changed the way we work, the way we learn, and the way we play.
With the development of this kind of technology, an ever-increasing amount of data is being produced and transferred at an unprecedented rate. Think about the wealth of information stored on your iPhone, Fitbits, cars, game consoles, or even some of your kitchen appliances. On a broader scale, everything from wind turbines to hospital equipment is connected via the Internet. The Internet of Things (IoT) has an impact on nearly every facet of how we operate in the world; therefore, the amounts of data that have been created as a result are astronomical. As a society, we have come to rely on the instant access and use of this information.
Perhaps more than being simply convenient, the IoT and the storehouses of data it contains have become essential. Imagine the annoyance we have all experienced as a result of a slow Wi-Fi connection—now imagine if an entire network of connected devices was compromised or disabled. Any barriers to information-sharing previously imposed by geography have greatly diminished. It is also worth noting that the Internet as most people know it, where Google and Facebook can be found, represents only a small fraction of the Internet in its entirety.
The IoT provides us with the information we rely on to make our daily decisions. We are not only better equipped to monitor our data; we are creating entirely new sources of data that help us to optimize our lives. However, with this convenience comes risk. When we depend this much on technology, it is hard to imagine what could happen if that technology stopped being reliable or if someone made that information unreliable on purpose.
Our technological age is remarkable in that it has enabled us to store and share information as soon as it becomes available. Recognizing the risks of this advancement does not downplay its importance nor should it prompt fear about its use. Rather, full utilization of this connectivity is improved when proper security policies are implemented.
When developing a cyber-security strategy, there are four primary considerations: current security issues and cyber-attack trends, the huge amount of data involved, privacy, and self-protection. The devices that compose the IoT are essentially "talking" to each other at any given moment. Therefore, breaches in this stream of communication can happen when vulnerabilities present themselves to cyber-criminals. These attacks can be incredibly harmful for individuals and organizations alike, depending on the severity of an attack. Our digital lives pose a number of entry points for potential hackers and therefore the security risks are almost endless; cyber-attacks have taken on a whole new dimension as the IoT becomes more expansive and engrained in our culture.
When considering the multiple vulnerabilities that an attacker may take advantage of, you have to start thinking about the fact that Internet connectivity now extends far beyond our computers. Given the relative newness of the IoT, proper security measures have not been fully created or implemented to support it. It is important that everyone recognize this lapse, not only those within the cyber-security community.
Each device that offers a hacker even one bit of personal information can be used to create stronger, customized attacks. Hackers must match the onslaught of increasingly advanced devices by constructing better attacks. For example, social engineering attacks in which a cyber-criminal preys on human, rather than technological, weakness are greatly facilitated by the amount of private information stored online. The process of identifying, and oftentimes purchasing, personal information online is referred to as doxxing. Doxxing often precedes social engineering attacks and greatly contributes to their success, as customization lends an attack authenticity and, therefore, a more likely victim.
As of right now, perfect security does not exist. Staying apprised of current cyber-security trends and taking the time to implement basic procedures (such as creating strong passwords for your online accounts and avoiding connecting to public Wi-Fi) can help to foster a safer approach to connecting with the IoT.
The second thing to consider about security and the IoT is that just by scratching the surface of the Internet, we are presented with a huge amount of data. Our society is officially committed to a particular consumer demand; if something can be connected to the Internet, it should be. "I want to be able to access my home security system while I'm at the cabin," or "I want my car to adjust navigation based on traffic." These conveniences require the collection and storage of data.
People are regularly using devices that efficiently track and record personal data. These devices are our record keepers or, as I sometimes call smart phones, "snitches in our pockets." This data is valuable for a number of reasons, and this contributes to why utilizing the IoT can be risky depending on how much of your personal information is at stake.
The data stored on previously isolated devices, such as appliances, cars, toys, and medical equipment and technology, is now shared, making it much more vulnerable to attack. Connectivity to the IoT greatly diminishes our ability to keep our personal information personal—the third thing to consider is privacy and how much data about you is made available through the IoT. People are often surprised when I explain how much information is actually stored on these devices and who may have easy access to it. Furthermore, people often don't realize how hard it is, if it's possible at all, to delete this data.
Think about your own digital footprint and whether or not you may be underestimating exactly how "connected" you really are. Even though you may not have the same commitment to Apple products that I do, or you don't have a smart phone at all, it is important to recognize that your information in some capacity is being stored digitally by companies and organizations. Medical and financial information, especially, is stored in digital formats. And, if you do have a number of connected devices, recognize that each one is a possible point of entry for a hacker.
"Smart" devices are able to automatically transfer data over a network—the scope and implications of this kind of sharing are not always fully grasped. Weigh the risks and benefits of connectivity for yourself—it is possible that you end up wanting privacy more than convenience or at least a more balanced approach to the IoT. If this is the case, you can start developing your own cyber-security strategy.
As a first step to protect yourself from the risks associated with the IoT while still enjoying the benefits, identify the number and kind of Internet-enabled devices you currently utilize. You may even go a step beyond this and try to generally consider how your information is stored and kept secure by your healthcare providers, favorite retailers, or banks. Are companies you trust ensuring that the data they collect is being gathered and stored in a safe way? Is this information shared with other parties? Have any of the organizations with which you share confidential information been victims of data breaches or digital attacks? Assessing your level of connectivity is critical in determining your digital security posture.
The more information you have about your own degree of risk, the better able you are to determine a security protocol that works for you. I recommend that you take a look at how you construct your passwords, consider not clicking on any suspicious-looking links, and realize that, if data is being stored about you, it may be accessed and not necessarily by someone who has your best interest at heart.
As hacking and cyber-crime constantly adapt to our latest technologies, staying informed about the latest warning signs is critical. It is also worth researching how the IoT is regulated and maintained nationally and globally.
Since our devices are connected, personal levels of security may affect a larger network of individuals than we may realize. Better security measures improve the safety of the IoT for everyone.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.