I would like to briefly touch on information security in the age of the Internet of Things (IoT). This carries on from my last blog article, which looked at proactive vs lazy security practitioners and, in particular, those who focus on raising the personal security awareness, and therefore the greater security maturity, of their organisations’ human resources.
While it is yet another IT acronym, the IoT has been creeping up on us. With the convergence of mainstream consumer electronics and the penetration and availability of “always-on” internet connectivity, it makes it easier for vendors to get their content across to consumers in a plethora of ways.
Someone who has been keenly following its evolution for a number of years now is Rob Forsyth, and as Rob says, “it’s a-coming”.
While some things are innocuous and in some cases nonsensical, such as Internet connected toasters. There are other critical areas of our lives which individuals with low levels of security awareness or maturity would simply accept, trading convenience for security without considering the risk, in much the same way they trade privacy for services like social media.
Think about risks related to our smart homes, with access control, climate control, lighting, media, kitchens, CCTV cameras, and alarms – all connected to the Internet and prospectively open to remote attack. All those systems are becoming commodity “plug-n-play” consumer items.
Granted the younger generations are benefitting from the pervasiveness of this technology access. My children regularly and seamlessly, play Minecraft across their mobile/portable computing devices, desktop, notebook computers and even the PlayStation. It will not be long before such application access is embedded in our smart TVs, much the same way our subscription and on-demand video content is already.
Will we see live streaming of everybody’s reality TV from every smart-device (phone, TV, fridge etc.)?
Where is the risk for you, and how will your organisation deal with security risks in the age of IoT?
Another factor for consideration that’s close, is embedded health monitoring and “wearable” technology, and the cloud/data services where that highly personal information is being stored. Soon it will not just be protecting your mother’s maiden name, your favourite football club and your date of birth. You will need to secure your weight, exercise routine, eating habits and sleep history!
This article is brought to you by Enex TestLab, content directors for CSO Australia.