News

Internet of Things and Smart Security

19 January 2017

Technology is everywhere. It is also growing incredibly fast. It can be almost impossible to keep up with every latest trend that is out there. As soon as something becomes popular, something else replaces it. However, an idea that has gained a lot of popularity and attraction is that of the smart home. Imagine having all the small boring chores of your day just automatically completed for you. With the recent release of Amazon’s Echo devices, many are able to control their homes just by their voice. However with the advent of these devices and the Internet of Things (IoT) there is always risk. The security risks of these devices are just as long as the benefits they can provide our lives. As a result cyber security experts are scrambling to keep up with all these innovations and make sure that consumers are not hacked.

As eloquently summarised by Russell Doty on SecurityNewsDesk.com;

These new capabilities and features also come with new security concerns. Consider one vital fact: anything that can connect to a network is a computer. Computers are flexible, general purpose devices that can be modified – for good or for evil. And any connection to the network is an entry point into the network. If you network strategy is built around perimeter security, each IoT device is effectively punching a hole in your security.[1]

This doesn’t just affect our domestic lives either. Many businesses, even entire cities, have invested in this technology. Security devices such as smart-phone enabled access control, IP cameras, fingerprint recognition; these all run off the IoT.

So how can we secure this vast network of devices together? For many there are issues with the devices themselves as they are built with functionality, not security, in mind. As a result many can have a fundamental flaw in their system that hackers can exploit to then take over the system.

In a recent survey 39% of buyers of IoT tech fail to protect smart buildings against cyber attack. It’s a shocking statistic and it’s not worldwide, this is just here in the UK. It’s concerning for there have been many stories of hacks that, 20 years ago, people would scoff and laugh at, thinking it to be the realm of science fiction.

  • In 2013, the theft of millions of customers’ credit card data from US retailer Target was traced back to the heating and ventilation system.
  • More alarming still, a Ukrainian power station was disabled immediately before Christmas in 2015 by a spear-phishing attack – where an employee is duped into downloading malware, usually via email – leaving around 80,000 Ukrainian citizens without power.
  • In 2014, security consultant Jesus Molina told US cybersecurity conference Black Hat he had commandeered control of the lighting, HVAC and entertainment systems of 200 rooms at a hotel in Chinese city Shenzhen.
  • A year before that, the US Department of Homeland Security revealed hackers had broken into a “state government facility” and made it “unusually warm”.
  • Google’s Sydney office was hacked through its building management system in the same year. Two cyber security experts discovered the vulnerabilities via IoT search engine Shodan.[2]

This also goes beyond smart homes however, as smart cities are increasing. Dubai for instance ‘has implemented a smart city strategy which has engaged builders, government officials, and security platforms in order to support numerous facets of smart technology. Real estate developers such as Emaar Properties build “smart” into their building infrastructures, major developments, and communities, helping to shape the city in the process.’[3] As a result there is emphasis on security not only being the backbone of these smart cities, but also acting as a preventative measure that will keep citizens safe.  Good news is that one can secure smart cities, businesses and homes, it just takes co-operation from manufacturer, vendor and consumer. In the manic hurry to remain on top, it is often found that these devices are lacking the layered security that would be present in more important units. However, vendors and consumers can protect themselves by adding their own security measures to whatever they are.

Security First

When you are about to invest in something long term such as smart technology, your first priority should be security. This should be paramount as they will become integrated into your network and, as a result if hacked and attacked, would cause irreparable damage to your business.

Making the security of these products the critical buying decision means that not only are you going to be investing in good quality technology, but also that any vendor or manufacturer has to live up to the standards set by the consumer. Thus each new piece of technology will become more secure than the last.

Update, update, update

When you have IoT and smart tech devices in your business, there will be updates. So update regularly and safely. Talk with your vendor about their update process and what security measures they have in place to ensure that no one can access your devices through a corrupted or modified update. It must be possible to update the software on all devices, and that each update and installation is up to industry standards. They are there for a reason. So, double check the standards and whether your vendor can comply with them so that safety and security is ensured across your system.

Register and Monitor

Like every computer system in the world, IoT and smart devices need constant monitoring to ensure they are working perfectly and that there are no bugs in the system. Making sure that you have carefully configured and registered each device on your network means that you can quickly find an unidentified device or breach. Two step authentication is the most popular form of securing devices to your network, so that only validated tech has access. This will stop any other devices being able to access the network and corrupt it.

Passwords and Internet

We can’t state this strongly enough: do not use easy to guess passwords. You will be begging, not asking, for trouble if your password is something akin to ‘Password1’ or ‘1234’. Use a password manager such as Lastpass, Dashlane, 1Password (there are loads out there) to keep all your passwords secure and safe. They can also generate extremely strong passwords themselves that will deter some of the most determined hackers.

Also make sure that your network is safe by checking your internet access. Does it have a password set? Do you have a firewall? Is it up to date? Do you have an anti-virus? Is that up to date? Each of these questions serves a purpose and will help prevent some of the most common forms of attack from hackers and malware.

To finish

To summarise the above, be vigilant in assessing every part of your security and that your strategy is up to standard. There are numerous blogs about cyber security and what standards or codes to look for in your technology. Industry reviews and criticisms are good indicators, as are awards that are given to products in the security categories. Smart devices will make all of our lives easier and can truly benefit not only our domestic lives, but also our businesses and cities. The best way to move forward with this new wave of technology is to remain smart and vigilant. We must make security the highest priority, as all the while more and more sensitive information continue to be stored on the internet.

Back to News