At Mobile World Congress Americas, security experts discussed the growing Internet of Things threat landscape, and why governments, manufacturers, enterprises, and consumers all play a role.
As connected devices permeate homes and offices worldwide, consumers and enterprises tend to overlook the serious digital and physical damage that cybersecurity failures in these devices can wreak.
“These devices offer us a tremendous amount of convenience, but also expose us to risks we may not have spent a lot of time thinking about,” Gagan Singh, senior vice president and general manager of mobile at Avast, said in a session at Mobile World Congress Americas in San Francisco on Wednesday. “It’s not just digital risk, but physical.” For example, a hacker who gains access to your home’s smart thermometer can very easily determine when you are at home or away, leaving your house vulnerable, Singh said.
Further, the harm caused by Internet of Things (IoT) devices is more permanent. “If someone has access to a live video stream of a security camera in your home, once that’s on the internet, it’s there forever,” Singh said. “In the old days, if you had a burglary, you could replace the physical assets, but this digital harm is often irreparable.”
Cybercrime is getting easier to achieve, attribution is almost impossible, and thanks to the proliferation of IoT, hackers have the ability to attack millions of devices at once, Yossi Atias, general manager of IoT security at BullGuard, said in the session. “There is no boundary between digital and physical anymore,” Atias said. “IoT devices control physical aspects of our lives, which opens a wide range of possibilities to cause damage. The boundaries are artificial between consumer IoT, industrial IoT, and enterprise IoT—they’re all connected to the same network, and we’ve seen combined attacks.”
The number of connected devices in use is expected to reach 25 to 35 billion in the next two to three years, Singh said. And the type of devices will also expand rapidly to include things like delivery drones.
“All of these devices have intimate details of our lives stored in a server, and we’re relying on someone else to be a good custodian of that information,” Singh said.
The true issue is protecting the data on the device, not the device itself, Singh said. The best way to do this is to work with a reputable vendor, and to update your software regularly, he added.
“We’re experiencing a period that’s very exciting, because there is a lot of innovation going on and different parties racing to deploy new applications, devices, and techniques,” Domingo Guerra, co-founder and president of Appthority, said in a panel discussion. However, not enough attention is being paid to the potential risks. “We’ve seen it before where we deploy smart traffic grids or street lights and never think about how to secure it or patch it until it’s too late and too costly to address,” Guerra said. “The main risk is not enough caution and foresight into how to address this new innovation securely.”
For full story, Please click here.