What are the security risks associated with the Internet of Things?

|

The Internet of Things (IoT) is one of the most notable technological trends of the modern era. As the concept continues to develop, many organisations are coming up with new and unique ways to apply interconnectivity to everyday objects.

However, with an emerging technology comes the discussion of security. While Telsyte estimates that each Australian household will have an average of 24 devices that connect to the internet by 2020,1 how will consumers handle the potential risks that come with this increased usage?

The IoT sparks fear of data loss

A recent survey from the Information Systems Audit and Control Association (ISACA) revealed that Australian consumers have significant concerns regarding their interconnected devices. The majority (63 per cent) worry that cybercriminals will be able to hack into their smart devices. Another 49 per cent fear that online perpetrators will misuse their medical records which are stored online.2

Most people limited the amount of sensitive data they uploaded, which may be wise considering 71 per cent of cybersecurity and IT professionals believe that current security measures don't address the risks associated with the IoT.3

"In the hidden Internet of Things, it is not just connectivity that is invisible," said the International President of ISACA Christos Dimitriadis.

"What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data." 

Are there inherent risks in IoT?

According to  Verizon's 2015 Data Breach Investigations report, there is yet to be a widely known IoT cyberattack.4 The organisation stated that without any data to draw from, it was difficult to make conclusions regarding the severity of the threat to information. 

However, Verizon did highlight some expert predictions for consumers and businesses to consider. In order to build a secure IoT ecosystem, both parties need to address the following five factors with their data:

  • Purpose: Companies should only collect information if it has a specific use.
  • Consent/Access: Data should never be transferred to a third party without the clear approval of the owner.
  • Anonymi sation: Information must be encrypted when transmitted.
  • Separation: Household and enterprise data should be kept in different repositories.
  • Safeguards: Businesses should put in place level-by-level measures dependant on the type of device.

While the security issues associated with the IoT are not fully realised, there are always measures you can take to protect your personal information. The Identity Watch service monitors the internet for your details, including on forums were this type of data is frequently traded. If we find suspicious activity, we can alert you and assist with the next steps to help reduce the impact of the threat.

1Telsyte. Australian IoT @ Home Market to Reach $3.2 Billion by 2019 Embedding Smart Technology into Everyday Life. Accessed October 2015

2ISACA. Staying Secure in a World of Connected Devices. Accessed October 2015

3ISACA. Wide Gap between Australian Consumers and Global IT Professionals on Internet of Things Security. Accessed October 2015

4Center for Internet Security. Data Breach Investigation Report 2015. Accessed October 2015