The Internet of Things (IoT) is a growing mass of connected devices from cars to smartphones to wireless wearable products. Depending on who you listen to, IoT will reach either 26 billion or over 200 billion devices by 2020. Market size estimates convey a similar range, with experts predicting IoT will become a $1.9 trillion (Gartner), $7.1 trillion (IDC) or $19 trillion (Cisco) market by 2020. While the numbers vary, what’s clear is the exploding reach of IoT.
Big data: massive information received
For many organizations, the upside of IoT is the ability to collect millions of data points that can be used to solve real challenges, like predicting weather, protecting our borders, tracking assets and boosting efficiency. Agencies can use big data, machine learning and predictive analytics to mine the IoT data for actionable information that can forecast storms, monitor federal buildings, manage power grids, predict public health trends, improve logistics for military assets and much more.
IoT devices are also in play in small sectors and homes, and while they provide convenience and oversight to these users, they also report data points back to the cloud and global databases.
Security: a growing set of risks
The problem is that all of these connected IoT devices feed data into the internet. If the devices are unprotected, hackers could infiltrate the network and either steal data or, if sophisticated enough, take control of the devices or even the network itself.
Case in point: One recent news report highlighted the danger of what can go wrong, when a fitness tracking app posted its “global heatmap” and accidentally revealed secret U.S. military bases and CIA “black” sites around the world.
Home devices are also at risk: baby monitors, HVAC controllers, security cameras, and smart outlets/hubs have all been hacked recently, sometimes in the name of malicious fun, and at other times to turn the IoT device into a bot that attacks other internet-connected devices.
“The biggest risk of IoT devices is that, intrinsically, they’re poorly secured—and there are no security protocols that can be uniformly applied across all types of IoT devices,” said Tom Norman, technology consultant II (global security consultant) for Ingram Micro. “As they proliferate into ever-larger numbers of devices on systems, this becomes a bigger and bigger challenge. The risk of real physical harm, including the potential of fatalities in large numbers, is a real possibility with IoT devices as they exist on networks today.”
What can be done at the business/government level?
Consumers may feel a false sense of security when offered a government or business-backed IoT device or service, and may not look deeply into the security of the device and the storage. If businesses and organizations are introducing a device to their consumers as part of a service, they should maintain security and best practices:
- Set strict controls: To limit security risk, IoT devices must be segregated and isolated within the network so that they communicate only with authorized devices and are blocked from communicating with anything other than a specific TCP/IP address or specific port on the network.
- Partner carefully: On the IoT device level, work with reputable vendors that have put rigorous R&D effort into securing their devices.
- Take a holistic approach: Security is needed at the device level (where info is collected), the network level (how the info is sent) and also the cloud level (where the info is stored).
- Have a holistic disaster recovery plan: Make sure you have a backup plan for data and physical assets. If your data is breached and manipulated, you can restore from your good backup.
- Get educated on blockchain (and how it can help secure data and limit exposure): Watch for innovative companies getting into blockchain, and be prepared to evaluate IoT solutions and products that use blockchain technology.
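The "Set strict controls" item above can be checked in practice by auditing observed traffic against a per-device allowlist with a default-deny rule. The following is an added example, not code from the original article; the device addresses, the allowed destinations and ports, and the flow-record format are all constructed assumptions.

```python
import ipaddress

# Constructed policy (assumption): each IoT device, keyed by source IP, may
# reach only the listed (destination network, protocol, port) tuples.
ALLOWLIST = {
    "10.20.0.11": [("10.20.1.5/32", "tcp", 8883)],   # sensor -> message broker
    "10.20.0.12": [("10.20.1.5/32", "tcp", 8883),
                   ("10.20.1.9/32", "udp", 123)],    # camera -> broker, time server
}

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.20.0.11 10.20.1.5 tcp 8883
10.20.0.11 203.0.113.40 tcp 23
10.20.0.12 10.20.1.9 udp 123
10.20.0.12 10.20.0.11 tcp 80
10.20.0.99 10.20.1.5 tcp 8883
"""

def parse_flows(text):
    """Turn whitespace-separated flow lines into (src, dst, proto, dport) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = parts
        flows.append((src, dst, proto.lower(), int(dport)))
    return flows

def is_allowed(flow, allowlist):
    """Default deny: a flow passes only if it matches a rule for its source device."""
    src, dst, proto, dport = flow
    rules = allowlist.get(src)
    if rules is None:
        return False  # device not in the inventory at all
    dst_ip = ipaddress.ip_address(dst)
    return any(dst_ip in ipaddress.ip_network(net) and proto == p and dport == port
               for net, p, port in rules)

def violations(text, allowlist=ALLOWLIST):
    """Return every flow that the segmentation policy should have blocked."""
    return [f for f in parse_flows(text) if not is_allowed(f, allowlist)]

if __name__ == "__main__":
    for src, dst, proto, dport in violations(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst} {proto}/{dport} not in allowlist")
```

Run against the sample, it flags the sensor reaching an outside address, the camera talking to another device on the IoT segment, and traffic from a device that is not in the inventory.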
Security for Home Users
- Password Safety: Always change the default password on devices. Use a complex password that you don’t use on other devices/accounts.
- Use a Pseudonym: When/if you name your device on the network, don’t use personally identifying information in the device name. For example, don’t name your phone “Jane Doe’s iPhone” if your name is Jane Doe. It is also a good idea to not include the exact model information in your device name when possible.
- Protect Your Information: Be careful about the information you post regarding your IoT devices. If you write an Amazon review, make sure your IP address and serial number aren’t shared. If you show stats from your IoT devices on social media, make sure you aren’t sharing sensitive model or network information. These little tidbits of information can inadvertently provide network and device access to hackers.
- Be Aware and Up-to-Date: Run firmware updates when available, and stay up-to-date on news regarding current vulnerabilities.