Security a high priority for businesses using IOT devices
By AdvocateDaily.com Staff
Security should be top of mind for business owners embracing the Internet of Things (IoT), the interconnection via the web of computing devices embedded in everyday objects that enables them to send and receive data, says Ryan Duquette, principal of Oakville-based Hexigent Consulting.
Anyone who’s recently walked into their local Best Buy knows the Internet of Things is going mainstream, Duquette tells AdvocateDaily.com.
"Everything from light bulbs to video cameras is coming with online connections that allow them to be activated remotely," he says.
And according to Forbes magazine, the trend is set to continue, with 20.4 billion connected devices expected to be in use around the world by 2020.
But Duquette says security issues should make business owners think twice before making any purchases of IoT devices.
“You should ask yourself, ‘Is this something that I really need to be internet-connected?’” he says. “Is it useful for some aspects of business, and can it help with time management? The challenge from a cybersecurity perspective is that many small and medium businesses are enabling them before making sure they’ve properly set up security features.
“Organizations often don't make sure the devices they use on their networks are secure,” Duquette adds.
Product owners who fail to take precautions can find their devices recruited in the exploits of hackers. For example, a recent denial-of-service attack on a major internet routing centre was found to have used an army of hacked internet-connected cameras.
By banding them together to create a bot-network, the hackers were able to knock some of the internet's biggest heavyweights offline.
“The hacked cameras were all using the default usernames and passwords they were sold with,” Duquette says.
Even if they avoid the attention of more nefarious actors, he says careless owners of IoT devices may also be inadvertently leaking information to the wider world.
Duquette uses the website insecam.org, which collects live streams of unsecured surveillance cameras from all over the world, to illustrate to clients the dangers of sticking with default settings on connected devices.
While some owners intend to broadcast their streams widely, he says he doesn’t have to spend too much time on the site to find one that probably wasn't intended for anyone else to view.
“These aren’t hacked devices. You see living rooms and bedrooms, and in some cases, boardrooms, where people are having meetings and sharing private information about their strategies with the entire world,” Duquette says.
And it’s not just businesses who need to have their guards up, he says, pointing to a recent CBC report on a house-seller who eavesdropped on potential buyers via IoT cameras that had microphones and were placed in the property during open houses.
In addition to taking simple steps to improve security, Duquette advises corporate clients to update their workplace policies to reflect the precautionary measures.
“Policies should be updated to ensure that any IoT device is treated the same as any other connected devices that are being used," he says. "From both an organizational and personal risk perspective, end consumers and businesses need to be more aware of how any internet-connected device they bring into their environment may inadvertently be gathering or sharing their information or allowing access points into their larger network."