Internet_of_Things

The Internet connects computers around the globe, but these devices have changed massively over the years.  It started with huge systems that would fill a room, before moving onto personal computers (desktops and laptops) and then to Smartphones and tablets. Now, nearly everything is connected to the net and this is called the Internet of Things.

Sadly, as well as providing us with great information and ease of completing tasks – such as our weekly shopping – the internet also has those interested in criminal activity and, like it or not, you will be a target of this activity if you have not already been compromised and just don’t know it yet.

I have bad news, and then really bad news.  The bad news is that we are in a situation whereby there are a growing number of attackers; and the really bad news is that they are increasingly getting access to an even larger amount of targets to compromise.  The 2014 Consumer Electronic Show (CES) was both exciting and horrifying, as gadget after gadget had some Internet enabled feature. Most of these are produced from companies that do not understand the fight and ongoing battle of Internet security.

As it stands at the moment, you may tend to the security of maybe a few computers, your Smartphone (and all those application updates), and maybe a tablet; but with the Internet of Things, you will have to add your car, all of the home automation involving lights, home security, appliances, and even wearable devices used for fitness and diet!  Even if these units ship to you with no vulnerabilities, these talented bad guys will find a way to compromise the systems.

Never before will you have so much of your personal information, information on your lifestyle and everything you do in a 24-hr period, available on the Internet.  If the attackers are targeting you, they now have a multitude of access vectors to explore.  If they are just using you as a resource to target another, your home devices could easily be a part of a nation state sponsored denial of service attack on some targeted country.

The problem is that most people will never update these Internet of Things devices and herein lies the real issue.  Security is a process, and this is where the process breaks.  Securing a system is about constantly being able to adapt to the changing threat environment and we have a hard enough time updating all the applications on our personal computers and Smartphones. Now add 30 more devices from 10 different vendors and you see the problem!

Consumers don’t know how to ask for these security features, so the vendors are not going to prioritize them.  Security standards will be put in place, but they move too slowly when compared to the innovation taking place in the threat environment.  If I sound concerned, I am, and I am not alone.  So what is the answer?  How is this all going to play out?

I don’t think any of the consumer electronic vendors will have the incentive to invest in a secure software development practice. So if devices are not secure, WE will have to secure them and this will involve a birth of services for the home, much like home security services but for the Internet systems.  It is a huge opportunity for service providers to step in and deliver enterprise level security expertise for the home and individuals of that home.

When dealing with the security of the Internet of Things, we are talking about the security of the Internet at large.  There are a lot of new devices coming online that will bring with them new vulnerabilities that will need remediation.  As a consume, your must understand the total cost of ownership here and a device that gets compromised is a device that will require your attention and the ability to update. So, first and foremost, understand how your vendors will be delivering updates to these systems and preferably in an automated fashion.   You do your part and hope that everyone else does theirs, because an insecure system on the Internet is everyone’s problem.

With the Internet of Things being hailed as the next big thing, this will be an exciting time for Eskenzi PR. So many more devices being connected to the internet means more vulnerabilities and attack vectors for our 20 security clients to comment on. Which, in turn, means more coverage!

Advertisements