Monitoring threats and anomalies is a good practice with many tales of success. Physical security monitoring, for example via CCTV security solutions, is critical to protecting families and company assets from harm and theft.

But what if these IoT devices, which provide for and assist in the safety of family and children, become the tools of invasive harm by criminals?

The proliferation of IoT devices has multiplied the attack surface and exposed organizations, individuals, and society to new security threats.

Demystifying IoT: Understanding the World of Connected Devices and Their Impact on Our Lives

IoT is the abbreviation for “Internet of Things,” which refers to a network of physical devices, vehicles, home appliances, smart watches, and other items that are embedded with sensors, software, and connectivity to enable them to connect and exchange data with various other devices or with central servers and databases.

In simpler terms, IoT refers to a system of interconnected devices and objects that can communicate and transmit data and information over the internet without requiring human intervention.

Access to this information and the type of information are of critical importance. Types of information include location data, images, videos, time and date stamps, actions performed, medical details, and all other information that falls under the definition of personally identifiable information (PII).

Are your IoT devices protecting you or exposing you to danger? Find out now!

    Cybersecurity hygiene practices are not new, but IoT introduces “new” intensity levels of risk and harm, such as unauthorized sensitive privacy disclosures, psychological harm, and potential physical harm, when cybersecurity practice is not applied sufficiently. The following are some of the risks associated with poor IoT cybersecurity practices:

    • Data and privacy breaches: Poor IoT security practices can lead to data and privacy breaches, exposing sensitive private information (photos, medical records) to unauthorized access. Remediation: Encryption of data both in transit and at rest, access control, and user authentication can help prevent data breaches.

    • Lack of accountability: Poor IoT security practices can lead to difficulties in tracing attacks and identifying the responsible party. Remediation: Establishing accountability through proper documentation, logging, and monitoring can help identify the responsible party in the event of a breach. Apply due diligence to the IoT product and vendor in which you want to invest. Not all products are made equal, and not all manufacturers want to prevent breaches. By design, some enable unauthorized access, monitoring, and data collection.

    • Physical security: Poor configuration can lead to theft and physical harm. IoT devices such as IP cameras and CCTV platforms can expose the “apex” of sensitive information, which can include the viewing or monitoring of personal movement, actions, and images, personal space layout, and personal belongings. Remediation: Ensure that your IoT solution has industry-recognized cybersecurity best practice functionality built in. Ensure that your service provider or installer implements good cybersecurity practices, which should include documentation, training, change control, secure configuration, anomaly alerting, and solid identity and access management principles.

    • Vulnerabilities: IoT devices are vulnerable to exploitation if not secured correctly. Attackers can use these vulnerabilities to gain unauthorized access to devices, steal data, and launch attacks against other systems. Remediation: Regular security updates, patch management, and vulnerability assessments can help identify and mitigate vulnerabilities.

    Proactive Protection: Prioritizing IoT Security to Safeguard Your World and Embracing a Culture of Verification

    In conclusion, organizations, private citizens, and society need to prioritize IoT security to avoid the harm and risks associated with poor IoT cybersecurity practices. As a cybersecurity consultant, I would advise you to assess your IoT security posture without delay, whether it be your vehicle, home, school, factory, or office, and do this continuously. Have the conversation with your family, colleagues, and associated service providers, such as car manufacturer service center representatives, internet/Wi-Fi service providers, and security company providers (CCTV/Alarm). Never assume; always verify!

    When in doubt, do not hesitate to ask for assistance and support.

    Author: Pieter van R. van Oudtshoorn
    Chief Information Security Officer
    CISSP®: 527449
    CFE: 851129

    FAQs

    IoT stands for “Internet of Things” and refers to a network of physical devices, home appliances, vehicles, and other items that are embedded with sensors, software, and connectivity to enable them to connect and exchange data with various other devices or with central servers and databases.

    Some common examples of IoT devices include smart thermostats, home security systems, health and fitness trackers, smart home appliances, and connected vehicles.

    IoT offers numerous benefits, such as improved efficiency, automation, cost savings, and convenience. With IoT, devices can communicate with each other and perform tasks automatically or with minimal human intervention, leading to increased productivity and reduced operational costs.

    Poor IoT security practices can lead to data and privacy breaches, theft, and physical harm. IoT devices are vulnerable to exploitation if not secured correctly, and attackers can use these vulnerabilities to gain unauthorized access to devices, steal data, and launch attacks against other systems.

    To improve IoT security, it’s essential to regularly update devices with the latest security patches, use strong passwords, and enable two-factor authentication whenever possible. Additionally, it’s crucial to encrypt data both in transit and at rest, establish accountability through proper documentation and monitoring, and ensure that your IoT solution has industry-recognized cybersecurity best practice functionality built in.