A fridge that notifies your phone when you're low on milk.
The oven you can start from an app.
The home security system you can monitor from around the world.
So convenient, so cool, and... so risky?
IoT increasing opportunity for hacks and cyber attacks
With the Internet of Things devices continuing to explode onto the scene, we know the attack surface for bad actors is growing.
SecureWorld Advisory member James Beeson, CISO at Cigna, spoke about this at the SecureWorld cybersecurity conference in Dallas last week.
"When it comes to IoT, the 2016 spend was about 730 billion dollars. By 2020 the spend will be nearly double that. And by 2021, billions in apparel sales, alone, are forecast to be tied into the IoT."
He says for bad actors, this spells opportunity, as they learn to take advantage of cybersecurity holes in the IoT.
5 steps to securing the Internet of Things
One of Europe's top crime-fighting operations, Europol, is increasingly focused on cybercrime.
They just convened a large meeting of Europe's Cybersecurity leaders around cybersecurity of the IoT. Here are five of things the group agreed on that the IoT needs now to improve cybersecurity for all of us:
- The need for more cooperation and multi-stakeholder engagement to address interoperability, as well as security and safety issues especially in light of emerging developments like industry 4.0, autonomous vehicles, and the advent of 5G.
- A focus on securing the architecture and underlying infrastructure of IoT devices, creating trust and security across different networks and domains. This is preferable to securing things as an afterthought or bolt-on.
- To effectively and efficiently investigate the criminal abuse of the IoT, deterrence is another dimension that needs strong cooperation between law enforcement and the security community.
- Leveraging existing initiatives and frameworks, a multi-pronged approach combining and complementing actions at legislation, regulation and policy, standardization, certification/labeling and technical level is required to secure the IoT ecosystem.
- There is a need to create stronger incentives to address the security issues related to the IoT. This requires achieving an optimal balance between opportunity and risk in a market where high scalability and short time-to-market dominate, positioning security as a distinct commercial advantage and putting it at the heart of the design and development process.
There is something else all of us can do: start asking about the cybersecurity of the IoT devices we are buying or using.
The Privacy Professor, Rebecca Herold, told SecureWorld we should even be asking about IoT security at the doctor's office.