With an increasing number of connected devices in our homes, vehicles, and workplaces, the Internet of Things (IoT) is making life easier and more convenient. It is also providing opportunities for hackers and, as a recent US Senate hearing indicated, is seen as a surveillance tool for spies. IoT is something for those seeking to limit IT risk factors to have on their radar screen.
The United States Director of National Intelligence, James Clapper, highlighted the opportunity, predicting, “in the future, intelligence might use (the Internet of things) for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
With security researchers showing the capabilities to get email credentials through a Samsung smart refrigerator the ability to pierce an individual or organization’s defenses via an IOT application is not simply theoretical. Fiat Chrysler was forced to release a software patch after researchers exhibited the ability to remotely assume control of a Jeep Cherokee.
These additional avenues provide new risk factors for IT professionals. Industrial espionage may be something for your organization to be concerned about, particularly if you have technology or trade secrets that nefarious competitors would have interest in. Unsurprisingly, the increasing capabilities of Chinese and Russian hackers were specifically mentioned in Clapper’s testimony.
IoT risk is something that needs to be part of your defensive strategy and monitored and managed on an ongoing basis. With many people doing business on personal devices and taking work devices home, your policies in regard to device use, IoT risk, and how to avoid potential threats need to be communicated to your workforce.