Why new tech can be an open invitation to hackers
Do you get excited by new technology? I certainly do.
Whether it’s opening the ZX-81 I got on my birthday in 1981 or the recent SpaceX rocket launch, new innovations bring new possibilities.
Computer consoles, the Internet of Things, voice recognition, driverless cars – we’re all eager to embrace new tech and to take a leap into the future.
The world of business is no different, and as a new technology gains traction many organisations start to become excited about the ways these innovations can benefit not only their customers, but the organisation as a whole.
Look at mobile apps: once the technology started to become mainstream, it seemed like every company in the world was in a rush to develop one.
The current trend is that of IoT, and especially voice recognition. More and more companies have started to create apps for voice devices, as well as build connectivity into their products.
Paul's birthday present in 1981
But in the excitement to adopt these technologies, are companies forgetting about security?
The more you connect, the more routes you give to attackers. Each connection needs securing and in the rush to bring products to market, many devices have been found to have less than adequate security.
Hackers have managed to gain access to everything from connected children's toys to voice assistants and smart light bulbs. Even devices connected to industrial processes have been found to have multiple vulnerabilities which hackers could potentially use to disrupt critical national infrastructure.
Insecure password practices and patches remain primary concerns and it’s up to manufacturers to act upon these concerns.
When you have a device connected to the internet and to your internal network, it provides an opportunity for attackers to not only gain access to your device but to your wider network. For the individual this may mean access to stored documents, personal information and photos, but for organisations it may mean attackers gain access to customer data, employee files or even the plans for your upcoming product launch.
Sometimes it isn’t just about gaining access to your information: IoT devices were at the centre of the Mirai botnet used by attackers to launch powerful DDoS attacks. We’re also seeing attackers using IoT vulnerabilities as a way to install cryptocurrency mining software, using organisations computational power to generate income over long periods of time.
Security is often only considered after release or during the final testing stages. But this mindset can be costly. In fact, according to IBM System Science Institute, the cost of fixing defects after release can be 100 times more than if they had been considered at the initial design stage.
These costs could rise dramatically in the future, especially when you factor in GDPR. Under these new regulations security by design becomes mandatory.
Adopting a security by design mindset is the only way to overcome these issues and by doing so you consider security at every stage.
The excitement of new technology will never go away, and it’s easy to become fixated on the potential benefits of any new innovation. But organisations must consider security before starting any development work.
4 practical tips to secure your IoT
- Does your device really need to be connected? If the answer is no, don’t connect it. If you do need to connect, it’s always best to place your device on a segregated network, away from your key information
- Check for security concerns by conducting a thorough internet search for any hack, data breach or security issues before you connect
- Update firmware and install manufacturer updates on a regular basis. If you are not able to do this your device will become less secure over time
- Change the default password of any connected device. Think office printers, routers, even smart coffee machines. If you can’t change the default password segregate the device or disconnect altogether