
No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things

Hacking in the Internet of Things is an interesting and very relevant topic in this age due to the plethora of devices that are interconnected over the internet and sharing data. Data is being transferred at a rapid pace across devices, and that data is becoming increasingly sensitive and is even used to monitor some users. For example, many insurance companies provide discounted rates if their customers use devices like the Fitbit to monitor their health and activity—but through that, they are able to directly monitor these customers. The average user of these devices is all too willing to give up their privacy for convenience’s sake, and does not want to deal with the “small print” of what private information they’re truly divulging. As such, the group is concerned about where all this data could be going. With so much data being transferred from user to company, there is an increased potential for that information to be taken advantage of in its transfer. The Internet of Things is a potentially dangerous space where this information can leak or be hacked into.

The group then moved on to discussing what best practices security teams should be using to keep this flow of data well protected within the industry. For example, some level of anonymization on the user’s behalf should be implemented—such as not using any part of your Social Security Number, address, or any other potential identifier to create your passwords, usernames, and so on. When users adopt devices like Fitbit, or even a GPS system, all of which track their patterns of movement, they should have that anonymity surrounding their identity so that, in the event that the information is compromised, it cannot be traced back to them personally. Requiring strong authentication is another practice that should be utilized in every company—such as signed, consistently patched software updates, so no one is utilizing software on their devices that comes from untrusted sources. We as companies should also be demanding the same level of best practices from our vendors when they provide us with software or work alongside us in our endeavors. We are only as strong as our weakest security link, and that includes our connections with vendors.

Security teams should not wait until there is a crisis, breach, or attack to require best practices that prevent breaches, as our information flows consistently and rapidly through B2B and B2C channels. They should already be working toward the safest, most secure methods of keeping sensitive and private data as secure as it can possibly be.