- By Alastair Paterson, CEO of Digital Shadows, a provider of Cyber Situational Awareness
For years now, cybersecurity risk exaggerators have been talking about the threat to connected devices from hackers and other cybercriminals. But most observers have scoffed at stories of networked fridges or toasters being hacked and hijacked by cybercriminals. Just where is the real threat to our day-to-day lives from this sort of Fear Uncertainty and Doubt (FUD), they have asked?
Even suggestions that cybercriminals – possibly State-sponsored – have found ways to take down nuclear power stations and power grids is slightly more worrying, but far removed from our everyday experiences and influences.
But news this week that car manufacturer Volkswagen has set up a special cybersecurity firm to protect smart connected vehicles from attack by hackers and other undesirables, would tend to suggest smart device security is getting “real” and is now part of business consciousness.
So far attacks on internet connected cars and self-driving vehicles have simply been the realms of researchers and proof-of-concept, but clearly if manufacturers like car makers are worried that one day their vehicles could be a major target for hackers, we are moving from concepts to realities.
Of course we really should not be surprised that criminals are turning their eyes towards connected devices. After all, hardly a day goes by without new connected devices and services being launched and, if we know one thing about cybercriminals, they follow the opportunity to make money and look to exploit new avenues as services and solutions become mainstream.
It’s all a part of the Internet of Things, or IoT. These connected devices are impacting our lives on a daily basis, changing everything from the way we provide healthcare to heating our homes to running our manufacturing facilities and other critical infrastructure. Of course the ultimate goal of IoT is to increase operational efficiency, power new business models, and improve quality of life. By connecting everyday objects and networking them together, we benefit from their ability to combine simple data to produce usable intelligence. But that also means there is greater potential that more personal information and business data will exist in the cloud and be passed back and forth, and with that comes significant implications for applying proper security to protect the data and establishing privacy policies to address how the data is used.
While much is changing, what continues to be true is that in today’s world of IoT, security needs to be top of mind as the number and type of attack vectors will continue to increase as will the amount of data, creating a daunting challenge for companies and those responsible to defend the infrastructure and keep a watchful eye on would-be attackers and their motives.
We need to ensure we install security on these devices at design stage, not as an afterthought; we maintain sensible security precautions like patching and password discipline; and that we monitor the impact these devices have on our digital footprint and how that puts ourselves and the companies we work for under the potential threat of exploitation.
That way we can hope to take advantage of the undoubted benefits the connected world gives us, while still remaining safe.