The IoT includes the network of devices, networks, data, smart-buildings, vehicles, and other items embedded with electronics, software, sensors and network connectivity to enable objects to collect and exchange data.
The far-reaching and all-inclusive IoT makes it easy for hackers to attack a diverse range of devices, including smart-phones, automobiles, business, government, and home computerized systems. Unfortunately, as the Internet and the IoT expands into new areas, so do the platforms for hackers to attack. In fact, a recent HP Fortify on Demand study indicated 70% of IoT devices contain inherent vulnerabilities. The takeaway: Everything connected to the Internet – can be hacked!
One of the main reasons proper security measures are not factory-installed into new devices has to do with supply and demand. The consumer demand for new gadgets every few months has surpassed the realistic time for developers to make their new devices totally secure. Unfortunately, developers find it’s easy to continue with yesterday’s CyberSec fixes. They take this path even though news headlines have for years screamed-out the need for new CyberSec solutions.
People and companies that purchase new devices are, in many cases, in the dark. They (falsely) believe – hope – their new devices are secure. It seems obvious, at least to me, developers must take a bit more time to build proper CyberSec measures into their ever-evolving new devices. Why introduce new products that continue to use yesterday’s, easily compromised CyberSec solutions? Why should people, businesses, and governments have to purchase, for example, new smartphones that are immediately open to hackers?
The immediate CyberSec solution that comes to mind, with new and existing electronic devices, is developers must design-in or update security measures as necessary. Equally importantly, users must take the time to incorporate these and their own approved solutions into their devices.
It’s not that we don’t have the resources to solve these IoT security problems. The problem is developers and users do not implement the proper security measures into their devices in the first place! For example, how many of your IoT devices still have factory assigned passwords?
Users can help their own security issues in a straightforward manner as well. For example, how many home or business security systems use Passwords like 123456, Password, or other common passwords that can easily be hacked? Conversely, users also need to stay away from easily guessed-at passwords that relate to family member names, calendar dates, holidays, and so on. As a suggestion, users should consider mixing upper and lower case keyboard characters for their passwords. Here’s an example: universE#felloW_328! Some limitations may apply, per device-system-app. As a further suggestion, users need to contemplate different passwords for different applications, e.g., financials, wireless, social media. Needless to say, try not to make your passwords so complex that you can mix-up or forget them. On another level, why do so many people feel it’s OK to include so much personal information in their social media accounts? Talk about giving hackers gateways into their personal and business lives!
We, as users must voice, describe, and develop security measures to secure yesterday’s, today’s, and tomorrow’s Internet-connected-devices. Let’s work together to eliminate, or at least mitigate to the greatest degree possible, potential CyberSec risks to IoT.