Need to know: The dark side of the IoT and how to protect your business
In 2016, the Internet of Things (IoT) was undoubtedly one of the hottest talking points. With digitisation rife amongst modern businesses, buying IoT-enabled products has become almost a given.
According to Aura Information Security principal consultant/cyber evangelist Paul W. Poteete, the term ‘IoT-enabled products’ essentially covers any non-traditional device that connects to the Internet. This includes any device that has internal logic that allows a person to change settings or read information about those settings via the Internet, like smart fridges, smoke alarms and thermostats.
However, Poteete says that what they don’t tell you is how these products and devices can be used to commit organised crime, hack into your business (and personal) life, and potentially put you or your business in a very difficult spot - as every IoT device is essentially an access point for malicious intruders.
“For the most part, people underestimate the breadth of hacking that takes place in New Zealand,” Poteete says. “There are hundreds of NZ websites that I have encountered that have been hacked by everyone from lone hackers up to terrorist organisations.”
Poteete affirms that cyber security in New Zealand is often inappropriately addressed, largely because no one actually understands what it entails.
“Individuals were formerly concerned that a hacker would hack a webcam, but now it may be possible to hack a home's HVAC, medical devices, kitchen appliances, utility meters, smoke alarms, or baby monitors,” Poteete says. “The IoT opens the world of cyber threats directly into your living room and beyond.”
While it can be difficult to prevent these attacks, Poteete says it is also hard to actually determine that you’ve been hacked. Some of the more common signs include email phishing attacks that use information gained from IoT devices, IoT settings changing, unexplained usage reports from utility companies, or suspicious deliveries related to IoT automated requests.
So what can we do to protect ourselves? We asked Poteete for his top tips.
I’ve been hacked, what should I do?
“First of all, don’t panic. If you feel that you have been attacked, take a moment to verify that your system has actually been hacked, disconnect the device from the network (wireless, Bluetooth, wired, et cetera), change your passwords for your network router, wireless access point, and the passwords or wireless keys on the IoT devices from a known safe computer.
“In regions that allow criminal prosecution for cyber attacks, report the attack to the police as soon as you identify the violation. In New Zealand, a great place to start is "the Orb" or the local police department can help you. In cases of a business violation, contact your information security partner for assistance.”
How can I prevent future attacks?
“Any system can be hacked by a malicious attacker, and in reality, it is often our own mistakes that cause the biggest problems.
“If I had to leave a note regarding the best way to prevent hackers from accessing your personal or business information, I would recommend that effort is made to keep track of what devices are installed in your home and office, what important information these devices can access, what protective measures have been implemented to protect that information, if the information has adequate backups, and what monitoring is available to track potential intrusions.”
Poteete says that as organisations grow in their understanding of cyber security processes and threats, they will be better able to address the associated risks with confidence.
To help you stay one step ahead of the criminals, Aura Information Security is hosting 31c0n in February 2017, a cyber security conference with a wide range of international cyber experts speaking on various aspects of cyber security.