What is Internet of Things IoT)?
The Internet of Things, or IoT are physical devices that transmit and receive electronic information. Known as ‘smart devices’ these things can be everyday object such as, Mobile phones, watches, media devices. Even a coffee machine or doorbell can make up the Internet of Things.
Internet of Things IoT on a network
When a device connects to a network a local IP address is assigned by the router, server or other controlling device. This is just the same method as when your desktop or laptop connects. The Local address would look something like 192.168.0.28 and will be unique to each device. These unique IP addresses allow the flow of data between IOT / Internet of Things devices such as printers , phones, watches, tablets. As they are on the network they can have access to send and receive electronic information from the internet.
IoT risks to a business
Now knowing how IOT devices are connected on a network and also access outside the network we can build a picture of the internet of things risks for business and also personally.
Internet of things IoT Business risk
Smart IOT devices are worn by staff on their wrist, mounted on walls as a smart TVs, CCTV recording equipment, heating controls, coffee machines and printers to name a few. If device has a security flaw unauthorised access could be obtained. Such access could be to monitor staff behaviour and even catch credentials being input to a computer. Devices can be used to ping other devices quickly and repeatedly slowing down of freezing a network in a DOS attack.
Internet of Things IoT Attack examples
Stuxnet worm Attack
While not technically an IoT attack they principle is consistent with how a cyber criminal attacks IoT devices.
Stuxnet targeted Iran’s nuclear facilities and later other energy-producing facilities. The first Stuxnet attack was aimed at the programmable logic controllers (PLCs). This changed the PLC’s behaviour while feeding back the controllers correct information so it was wasn’t detected.
Offices in Finland had their heating controls overridden in sub zero temperatures effectively closing down the office until rectified caused disruption and financial damage.
Potential IOT risks in an office is the Smart devices such as Televisions , webcams and phones that can be remotely turned on it listen to sensitive information.
An unsecured network and systems could also allow devices to connect and extract data or introduce malware.
How to Protect against IoT attacks
Attack attempts continue to grow and evolve against current protection. There are basic steps that can be taken to protect your company or yourself against IOT exploitation.
- Change the default password for the device
- Create a secondary network for IOT devices away from the main company network
- If needed for business IOT devices should be encrypted
- Install a trusted reputable firewall
- Install Anti Virus and cyber security software
- Have an updated cybersecurity project plan
- Close unused network ports
- Disable unused features on a device
- Keep all devices updated with the latest firmware and updates
- If a device is not needed on a network, take it off
- Introduce staff policy when bringing in smart devices
- Introduce a reporting line for suspicious behaviour or systems or devices.
Internet of Things the good side
The Internet of Things has transformed the way we live and for the most part is positive. Allowing for remote working, and meetings staff now enjoy an increased work life balance. Keeping track of health, reminders for events and setting heating to come on for when we arrive home are the luxury’s reserved for moves just a decade or two ago. But with this open flexibility come the risk of exploitation. Safe use and keeping up to date with the latest threat knowledge and device updates should leave you enjoying all the benefits the internet of things offer.