In the past, worms, viruses and Trojan horses have done serious damage to the World Wide Web. With the arrival of so many modern sophisticated applications that are connected to the Internet, potential cyber threats acquire an astounding new dimension. What risks are we facing exactly? How can we best guard against those risks? No better day than Computer Security Day to take a closer look at the security of the Internet of Things.
The Internet of Things (IoT) is everywhere: the pacemaker that enables a doctor to monitor a patient from a distance, the smart energy meter that helps you save costs by allowing you to keep track of your consumption, or the smart refrigerator that keeps a record of the products in your fridge and how long they can still be kept. IoT has created a new world where (user) convenience is paramount and the possibilities seem endless.
However, the amount of personal data that is exchanged in that process also makes us vulnerable to new threats with a potentially tremendous impact. For example, it is in principle possible for cyber criminals to hack a pacemaker and change its settings, or for your smart refrigerator to be used to organize a DDoS attack without your knowledge.
Data leaks form another real threat. A few years ago, a cyber attack on digital toy manufacturer VTech Holdings disclosed the personal data of 6.4 million children. Smartphone apps are also particularly susceptible to cybercrime. Earlier this year, the fitness app Strava disclosed secret locations of military bases after military personnel activated the app on their phones and sport watches.
Time to market at the expense of security
Why is IoT such easy prey for cybercrime? A major challenge is the ‘time to market’: companies want to get their products on the market as soon as possible in order to keep their edge over the competition. Unfortunately, that time pressure sometimes compromises the built-in security.
These are the basic principles that ought to become more firmly established:
- A major security issue is ‘identity spoofing’. A market survey by Hewlett Packard showed that insufficiently complex passwords are used for most systems, including the cloud. A secure password is best changed every three months, should be longer than six characters, and should include symbols as well as letters and numbers.
- Carry out regular system updates on all your devices. The servers from which the updates are downloaded must also be secure.
- Protect your devices physically as well by minimizing the hardware connections and securing the operating system. You can do this by deactivating the USB ports, linking your SIM card to your device, setting up VLANs, and always installing the latest anti-malware software.
- Make sure your devices are equipped with a system that neutralizes potential threats by proactively quarantining them.
If time constraints are considerable, there also exist ready-made solutions that significantly relieve the security concerns of organizations. For example, organizations can easily and safely administer their network, let different devices communicate with each other, and analyze and visualize data over the IoT platform of Telenet Tinx.
In any case, it is obvious that nowadays a simple firewall is no longer enough. Security of IoT calls for a multi-layered approach across all aspects. If we are to guarantee our own cyber security and that of our customers and our children, everyone will have to learn to use the Internet more responsibly: government institutions, commercial companies, as well as every individual end user.
Sam Schellekens, Senior Business Development Manager