Security in the age of IOT

Matt Tett

Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years' history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing: CISSP, CISM, CSEPS and CISA. He is a long-standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au, its blog at http://enextestlab.blogspot.com, and on Twitter as @enextestlab.

I would like to briefly touch on information security in the age of the Internet of Things (IoT). This carries on from my last blog article, which looked at proactive vs lazy security practitioners and, in particular, those who focus on raising the personal security awareness, and therefore the greater security maturity, of their organisations’ human resources.

While it is yet another IT acronym, the IoT has been creeping up on us. The convergence of mainstream consumer electronics with the penetration and availability of “always-on” internet connectivity makes it easier for vendors to get their content across to consumers in a plethora of ways.

Someone who has been keenly following its evolution for a number of years now is Rob Forsyth, and as Rob says, “it’s a-coming”.

While some things are innocuous and in some cases nonsensical, such as Internet-connected toasters, there are other critical areas of our lives where individuals with low levels of security awareness or maturity would simply accept the technology, trading security for convenience without considering the risk, in much the same way they trade privacy for services like social media.

Think about risks related to our smart homes, with access control, climate control, lighting, media, kitchens, CCTV cameras, and alarms – all connected to the Internet and prospectively open to remote attack. All those systems are becoming commodity “plug-n-play” consumer items.

Granted, the younger generations are benefitting from the pervasiveness of this technology access. My children regularly and seamlessly play Minecraft across their mobile/portable computing devices, desktop and notebook computers, and even the PlayStation. It will not be long before such application access is embedded in our smart TVs, much the same way our subscription and on-demand video content already is.

Will we see live streaming of everybody’s reality TV from every smart-device (phone, TV, fridge etc.)?

Where is the risk for you, and how will your organisation deal with security risks in the age of IoT?

Another factor for consideration, and one that’s close, is embedded health monitoring and “wearable” technology, along with the cloud/data services where that highly personal information is being stored. Soon it will not just be a matter of protecting your mother’s maiden name, your favourite football club and your date of birth. You will need to secure your weight, exercise routine, eating habits and sleep history!

This article is brought to you by Enex TestLab, content directors for CSO Australia.
