I thought this week we could shift from the social engineering risks focus to talk about security risks that are "social". Major ransomware attacks have taken the headlines in recent weeks, however, we should not overlook the cyber security implications of the ever expanding web of internet connected devices and appliances that run almost autonomously.
What is IoT?
You may have heard of IoT ("Internet of Things"), but if not, it generally refers to a network of physical objects and devices connected to the internet that can interact with other online devices using embedded technology.
As the number of connected devices grows, this autonomous communication becomes a huge inherent risk. There are now over 3 billion smartphones in use globally and 8 billion IoT devices, a number set to surpass 25 billion by 2020.
Cyber Security and IoT
Mobile is now the standard method of internet connectivity, and cyber security issues are primarily concerned with data leakage and loss of productivity. With IoT however, the threats are different and far wider reaching. With more and more devices and appliances being connected, hackers and cyber criminals have a far greater attack surface.
What IoT Devices are Targeted?
The targets are no longer just office computers and networks, IoT covers smart home appliances such as TVs, fridges, climate control systems, cameras and home security. On a grander and far more terrifying scale, IoT also encompasses power grids, traffic control signals, bridges, water facilities, and public infrastructure.
There is a greater scale and complexity with all of these devices and systems being accessible from the internet. Many of which are constantly communicating with each other and sharing data without any user input.
The Inherit Risk
The problem lies in the software that these devices run on. It is often dated, seldom updated, and riddled with vulnerabilities. Studies have shown that up to 70% of IoT devices have serious vulnerabilities that could easily be exploited. Our ever growing dependence on online connected technology is debilitating our ability to secure it.
What Needs to be Done?
When attacks do occur they are likely to spread fast, as the WannaCry ransomware did in May or as the Saudi Aramco incident did in 2012 . The industry needs to acknowledge the cyber security risks quickly - for billions of IoT devices it could already be too late.
Going forward, there needs to be protocols, security and encryption technologies for the ever increasing number of interconnected devices.
The alternative is a field day for cyber criminals and ultimately a big blackout for all of us.
PS: If you would like your employees to be more CyberRiskAware through cyber security risk awareness training or simulated phishing attacks to assess how phish prone your business is, we would be glad to help. Request a Free 14-Day Trial today.