Security Plays Catchup with Internet of Things

May 23, 2018


We have entered the fourth industrial revolution where Cyber-Physical Systems (interconnection of hardware, software and process), and big data is now the big talk for automation, real-time and process control.  However, what has sparked off this big data revolution and what is Big Data?

Big Data defines the collection, storing and processing of enormous volumes of data collected from systems and devices.  This information gets collected to be aggregated, stored and analysed to identify trends and patterns and provide more detailed reporting that has never existed in the organisation.  Big Data takes on many flavours and data can be stored on-premise or in the cloud.  This connectivity challenges the norm by where there has been segregation between automation systems and the Internet for a large number of year.


The Internet of Things (IoT) is part of this cyber-physical system, and the IoT represents all the Internet-connected devices that perform some discrete job in the target digital environment where they are deployed in and report lots of data into a system (either on-premise or cloud-based) for analysis.  IoT related devices can range from your simple Internet-connected light globes all the way up to devices that are managing and monitoring automation processes in factories, for instance, measuring vibration on the iron ore crushers in a mining process.  There are many uses for these devices and every day a new device released for a particular use.


These IoT devices have slowly crept into our houses.  Use of IoT devices range from a simple internet connected refrigerators, internet connected light globes and internet connected Barbie dolls.  The Internet connection provides an interface with software that is used to configure these devices to perform various tasks.  In the context of the light globe, from a mobile phone, turn the luminescence on and off, dim the light and even gain statistics on the use of the globe.  There is an ever-increasing growth in consumption of these devices, and, while the excitement is growing proportional to the consistent growth of this technology, security has become a concern.  Security simply has not caught up with the rapid development of these IoT devices and rate at which these tools get deployed.


Many of the IoT devices get designed on hardware and technology that is security tested and contain backdoors or a path for a malicious threat actor to gain unauthorised access to the devices should they be located on your network.  Furthermore, these backdoors in the devices, are designed, once connected to your home or business network, connect out to the Internet to create a tunnel between your network and the malicious party's network.  It is difficult to configure these devices or identify if there is any backdoor in the device without a higher level of skill and understanding where to look.  So are we at the mercy if these poorly design devices.  Software updates do not get deployed like that of a Microsoft operating system. Therefore, vulnerabilities remain exposed for extended periods of time.

Here are four tips to consider when deciding to implement IoT based devices in your household or business:


  1. Ask yourself, "Is this device necessary?".  You may be adding a large vulnerability to your network for no reason by adding hardware that is not necessary for your environment.  Sometimes the traditional ways of doing things are better.

  2. If the excitement of implementing the device in your network outweighs the necessity, ensure you research the device, the manufacturer and identify if any suspicious reports exist about the device on the Internet.  You could be opening potentially, additional vulnerabilities in your digital environment.

  3. For businesses looking to implement these devices into the environment, consult the services of a cyber security organisation to discuss the applications of the device, discuss the architecture you are going to use to implement the devices and work out any potential risks that require treatment before releasing the device into your production environment.

  4. Always ensure, if the manufacturer's instructions include security considerations, follow them and obtain advice on the settings, especially in a critical business scenario.  Furthermore, consult other industry standards that could provide insight into protecting your digital environment against attacks launched against the IoT devices in your environment.


The list above outlines four key considerations when implementing IoT into your home or business.  Discussing requirements before implementation is always a good start to ensure you do not introduce vulnerabilities into the environment.  Treat every scenario differently.  Everyone has different applications, reasons and deployment methodologies for these IoT devices and understanding the risks is vital.  IoT based devices are great, and this technology is increasing.  Some of these devices have some great uses at home and in businesses, and some devices are potentially unnecessary for your environment.  We are still playing catchup with Security for IoT devices, and incorrect implementation will introduce unnecessary vulnerabilities to your digital environment.  Think about whether you need the device in your environment, and if so, ensure you understand the risks to your digital environment.  Understanding the risks that IoT introduces to your digital environment is most important.  Technology is there to enhance our lives, not add complication and stress.

Please reload

Our Recent Posts

Five Key Takeaways for Defence Industry Cyber Security

August 19, 2019

Management: Your Business is your Business

May 7, 2019

You and A.I.

March 7, 2019

Please reload