Why ‘smart’ is not necessarily clever

David Atkinson – CEO of Senseon, considers whether there are implications from the rapid growth of IoT

Think of your morning commute. Perhaps you live in London and take the Tube. You tap into the barriers, go down the escalator onto the platform, and wait for the tube’s automatic doors to open and close. Or perhaps you live in the countryside and drive to work. You use your car’s computer, go past numerous traffic sensors, and pay for your parking through your phone. However you travel, you almost certainly encounter the Internet of Things (IoT). Indeed, from your morning coffee to your evening pint, IoT follows you everywhere. Yet for something becoming so increasingly widespread, it’s surprisingly insecure.

IoT growth set to explode – but what about security?

IoT has brought pleasure and convenience to our lives. ‘Smart’ sensors in cities enable traffic lights to respond to congestion, whilst in hospitals doctors remotely monitor their patients in real time, and in supermarkets employees know when to restock the shelves. If you haven’t yet woken up and smelt the coffee, you can even connect your morning alarm to your kettle. Some benefits may be somewhat superficial, but as the world’s population grows this vast data collection becomes crucial. IoT devices present governments with a wonderful opportunity to make the lives of their constituents better, through understanding, responding to, and anticipating needs and demands. Consumers also benefit greatly from these widespread advances, with wearable technology in particular experiencing massive growth in recent years. According to Gartner, IoT devices are set to increase from just over 8bn today to more than 20bn by 2020, and in the UK, the government’s Security by Design review warns that we will see the average household go from 10 IoT devices to 15 in the same timeframe. Yet beneath all this convenient functionality, there lies the deeper, hidden problem of security.

60% of executives are concerned about risks from IoT devices 

Indeed, Bain & Co. report that 60% of executives say they are very concerned about the risks that IoT devices pose to their companies, whilst MoneySupermarket find 75% of consumers say they are fearful of IoT devices in their homes. A worrying 90% of organisations surveyed by AT&T warn they don’t have complete faith in the security of their IoT devices. Yet IoT device venders still take their ‘smart’ products to market with insufficient security, leaving consumers unwittingly bringing risk into their homes and workplaces. If you’ve set your garage door to disable your home alarm when opened, then an intruder no longer needs to hack your home alarm system, they simply need to hack your garage door. The threat in the public and private sectors is even more worrying. With everything from gas pipelines to CCTV cameras being part of a connected infrastructure, a hacker could cause serious physical damage. Furthermore, with billions of insecure devices out there, determined hackers are able to build increasingly large botnets by connecting all these insecure IoT devices. Hacking one device might not have an impact, but hacking several million, grouping them together, and launching a DDoS attack could. The 2016 Mirai botnet was so large it took down Netflix and Twitter, whilst the more sophisticated 2017 Satori botnet was even able to steal cryptocurrency.

The need to balance simple set up with resistance to cyber attacks

The obvious solution is for manufacturers of IoT devices to increase the resilience of their ‘smart’ devices to cyber-attacks. However, the process of making them simple to set up, a major selling point for the end user, comes at a cost: poor defence against cyber-attacks. IoT devices are designed to be able to connect easily to open and insecure networks. After all, no one wants to spend fifteen minutes setting up their kettle. Furthermore, government regulation is well intentioned, but the international nature of IoT manufacturing means effective legislation is unlikely and could take years to come into action. Perhaps a better approach for governments would be to educate the public about the risks of ‘smart’ devices. In this way manufacturers may be encouraged to take cyber-threats more seriously, as robust security measures become a selling point to consumers. Businesses would also benefit from a considered approach to deploying IoT devices in the workplace, as tighter security would allow for greater profits. With immense purchasing power, businesses could incentivise IoT manufacturers to increase the security of their devices.

Innovation in the cyber security industry presents the answer to these challenges. The enormous growth of IoT devices presents cyber security companies with the opportunity to develop unique technology to combat even the most complex and subtle of threats. In the workplace, solutions such as deploying on endpoints, monitoring network traffic, and using microservices to investigate suspicious behaviour go a long way towards securing IoT devices from threats. Yet the most comprehensive workplace solution would look at all three together, using AI to autonomously converse between these three senses, allowing this triangulated approach to accurately detect and isolate threats as they appear. In time, such solutions could move into the home.

IoT has many great benefits for individuals and businesses alike, yet the use of devices must be carefully secured by innovative cyber security solutions to keep them safe, giving ‘smart’ the chance to be clever.