Industry Observations-Technical Insight

National Cyber Security Awareness Month, Week 3:  Beware your connected devices!

NCSAMAs we look at our current cyber security landscape and see where we’re making progress and where we’re still lacking, it’s important to also look to the future and anticipate where we’re headed. As technology progresses at an ever-increasing speed, so to must the measures we take to secure those technologies. With every new advance there are new attackers that want to exploit those advances. So what will the future hold for us? How risky is the new technology that’s being developed?

We’ve seen a huge shift in how we interact not only online but offline as well. Mobile devices have put the Internet in the palm of our hands. We’re never away from a connected device for any period of time. In fact, there’s a fear now of not having your phone with you at all times. This shift has fundamentally changed how we interact and do business. We’ve seen the shift from brick and mortar stores to online shopping with the rise of Amazon. But now more than ever, our day to day lives are becoming exclusively digital. Banking transactions don’t require us to go to the bank, we can get food and groceries delivered with the touch of a button. Consumer demand for rapid satisfaction is at an all-time high, which is leading tech companies to come up with products and solutions that enable immediate action and instant gratification.

With the rise of IoT devices in recent years, the number of connected devices is ever increasing. If you take a look at your home, you may have dozens of connected devices: Ring video doorbell, Nest thermostat, WeMo smart plugs, connected sprinklers, Amazon Echo, Phillips Hue light bulbs, Samsung refrigerators, just to name a few! With all these devices now having Internet connectivity, the security risk is constantly rising. We’ve already seen attacks utilizing these IoT devices: The Mirai botnet attack in 2016, which utilized IoT devices such as home cameras and routers to DDoS a few targeted websites. That attack was extremely simple – it just looked for connected devices using the default username and passwords. We can see that IoT devices are the wave of the future and securing them will be no easy task.

IoT is an even greater threat when it comes to devices that can put you in harm’s way. We’ve seen the Jeep hack which was presented by Charlie Miller and Chris Valasek in 2015 at the annual Black Hat conference, and which remotely controlled a Jeep vehicle. What happens when we start putting more IoT devices in medical instruments like pacemakers and insulin pumps? As an industry, we need to stop and make sure the security of these devices are put front and center. We often times rush to put a product out as soon as we can so that we’re first to market. However, a first-to-market product with inferior security can put real peoples’ lives at risk.