14:04 06 October 2017
Many organisations do not have an idea how many unsecured devices are connected to their networks. These devices are vulnerable to hackers and pose a major security threat.
Imagine a hacker remotely turning off a life support in a hospital or shutting down a power station. These scenarios can be catastrophic.
Hussein Syed, chief information security officer for the largest health provider in New Jersey, presided over a complex web of connected medical devices spread across RWJBarnabas Health’s 13 hospitals. When a specialist IoT cyber-security program carried out a full audit, it was discovered that there were 70,000 internet-enabled devices accessing the health’s firm’s network.
"We found a lot of things we were not aware of. Systems that weren't registered with IT and which didn't meet our security standards."
"These unidentified devices could definitely have been access points for hackers who could have then found high-value assets on our network," says Mr Syed.
He added: On the black market "health data is worth 50 times more than credit card data."
Internet of Things (IOT) refers to a number of devices that are connected by the Internet, allowing them to talk to each other. An example is a smart thermostat that can be paired with a smartphone app so the user can remotely adjust the temperature in their house for whatever purpose it may serve.
Because IOT devices are found everywhere, including our home, it is important that they are secured and safe against hacking. Otherwise, some devices (such as smart home locks) can be rendered useless if hackers are able to figure out a way to disable them.
Despite growing concerns, security and privacy remain the two critical concerns in the IOT. This is because most IOT devices are not built with security as a priority from the outset. They are designed by people who have expertise in appliance design but with little or no experience with connectivity or security. Often, manufacturers respond to threats through software patches that are used as vulnerabilities appear, which leaves users exposed to attacks.
Experts recommend that OEMS and system integrators consider the environment in which their product will operate. This can help them identify potential threats and this can empower them to determine ahead of time the needed security measures to keep end-users safe.