A recent consumer study from Arm and Northstar told us something that most of us already knew – technology is taking over our lives. Two-thirds of the respondents said that technology took on a bigger role in 2018. We want our smart technologies in our homes and we want to live in smart cities. But here’s an interesting point from that survey. While we like the conveniences that the Internet of Things (IoT) provides, we don’t trust them. Seven out of 10 want to see more effort put into improving IoT security.
The popularity and the reliance on IoT has been trending upward for quite some time now, but despite the dire warnings and the raised awareness about targeted attacks, IoT security has flatlined. It doesn’t seem like the people who should take it seriously are doing so. Just the other day, I saw someone post a picture on social media of an ATM that was booting up through Windows XP. The commentary was along the lines of “oh, this looks secure!”
And that’s the problem; It’s not secure. The IoT continues to be filled with all kinds of vulnerabilities and bugs, but we continue to plod along using devices that use outdated software and flawed technologies. It’s surprising when you think about it. As Jonathan Couch, senior vice president of Strategy with ThreatQuotient told me in an email comment, the IoT has been the whipping child of security predictions for the past few years, yet security remains weak:
IoT devices are flooding the market and they are still at that point in the maturity curve where usability is much more important than security. The providers are trying to create and expand a market of users with new and unique ways to automate your life so the focus is on capabilities and being first to market vs. secure automation and investing their limited development resources to doing whatever they do securely.
This means we continue to play right into the hands of hackers, Couch continued, because they want an easy path to your data. The IoT is an easy target.
And it is a target that has moved into your office space, Brandon Thompson, a managing consultant at A-LIGN, told me via email. Employees are bringing in an overwhelming amount of internet-connected gadgets and toys to their offices, and many of these devices rarely (if ever) are properly configured with the security features in place. And again, it comes down to easy access:
This lack of protection can make for an easy entry point for attackers. Once an attacker gains direct entry through an employee’s IoT device, bypassing a company’s primary defenses, they can quickly compromise an environment. This ever-growing threat has contributed to the rise of data breaches in 2018.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba