The Challenges and Risks of Internet of Things
The Internet of Things (IoT) is now a reality. As more of us are using personal electronic devices, and since many of these machines have a network capacity, IoT is only set to increase in reach – already the number of connected devices has ballooned to over 6 million, and projections are that by 2020 the volume of connected ‘things’ will hit 21 billion. The IoT has opened up avenues in a wide range of areas, from the military to healthcare and exercise. The ability to connect devices to the internet and each other has brought myriad benefits. But the IoT is still in its infancy and like any new technology it has its issues, especially with regards to security and privacy.
IoT and its risks
The Internet of Things has already had many benefits. For example, the personal medical device industry has taken healthcare to new heights. It is possible now for individuals to measure and assess their own health via an app or instrument which reads key vital signs on the go and downloads these measurements into a device which then suggests a course of action. The NHS has recently signed lucrative contracts with developers of these ‘smart’ apps not only to tailor the service they provide to the public but also to offload some of the costs of maintaining their care. It is hoped, for instance, that a healthcare app on patients’ phones will lighten the burden on the NHS’s 111 non-emergency hotline, and free up funds for other areas. Meanwhile, in another field, IoT-enabled devices have enabled Coca-Cola to save up to $2 million in capital costs and improve their order accuracy to 99.8% by installing a Voice Over Internet Protocol (VoIP) system in their facilities.
But although such technology has almost limitless potential to solve old problems, rampant expansion of IoT can cause new ones. The most important of these problems is device security and integrity. As appliances become IoT-compatible, they need to be secured from hack attacks. Most people will have antivirus on their personal computers, and many will have some sort of antivirus on their phones, but what about their baby monitor or microwave? Very few of us would think of this, and neither do the manufacturers – very few ‘smart’ domestic appliances even have the capacity to host antivirus software. This is part of the issue: since the technology is new, producers do not think to incorporate security features, and if they do include security it is likely to be of a very limited scope and easily hackable. In autumn 2016, criminals were able to create a ‘botnet’ from thousands of weakly protected domestic appliances and hack into Dyn, thereby disrupting internet access for much of America.
IoT and business
IoT attacks can afflict the public and cause severe disruption. For corporations, the problem is even more acute. As ever, the issue is security. While many companies have embraced the potential of cloud systems to store their data and thus save money on IT overheads, it raises the spectre of who exactly can access that data and through which devices, all of which will be IoT-capable. Criminals may have little to gain in hacking a microwave, but there is much more on offer if they can access a company’s records and sell them on. This is why businesses must choose carefully their cloud provider and evaluate its security profile. Data is a lucrative commodity, and if a company is to protect against a breach it must appreciate the need for security.
But beyond data breaches, a network comprising numerous IoT-enabled devices also puts the business itself at risk since hackers may penetrate the system and subject a corporation to sustained attacks, like DDoS’ing. Such an attack could cause significant damage, not least in the lost revenue as servers are brought back online. To safeguard against this, it is imperative that companies regularly update and patch their systems on the one hand and properly brief their employees as to correct procedure with regard to IoT-enabled devices on the other. For instance, if workers connect their own devices, such as Fitbits and smart watches, to the network it could provide an opportunity for attack.
Education is probably the most important consideration for companies considering an IoT-centred approach. A recent study carried by Cisco argues that “78 percent of IT security professionals are either unsure about their capabilities or believe they lack the visibility and management required to secure new kinds of network-connected devices”. The IoT is here to stay. If companies wish to take advantage of it, they must also keep abreast of its risks and enforce guidelines to regulate its use.