Technology / A matter of life and death: Why the IoT needs an urgent security check-up
A matter of life and death: Why the IoT needs an urgent security check-up
23 November 2016 |
As poorly-secured Internet of Things devices fill our homes, offices and hospitals, they put our data - and even our lives - at risk.
The insecure nature of many connected gadgets leaves them vulnerable to hackers, who can steal information, extort money from victims or hijack devices for large-scale attacks.
But speaking to Business Reporter at the RSA Conference 2016 in Abu Dhabi, RSA's chief security architect for EMEA Rashmi Knowles explained that hospitals - which store large amounts of valuable personal data, use a plethora of connected devices and face diminishing budgets - are at particular risk from cyber threats.
While organisations are told to keep their software up to date and apply reliable solutions to protect themselves, many healthcare organisations are simply unable to do so - although they can take basic precautions to protect their patients and their data.
"Hospitals do not have the funding, infrastructure and skills to do that properly," Knowles said. "It is never going to go away, but they can start doing some of the best practice stuff to minimise the chances [of suffering a cyber breach]."
In hospitals, a breach or infection - a ransomware attack, for example - can be "life or death" - something that Knowles referred to as "murder by internet" in a blog post. Insulin devices, pacemakers and other medical gadgets are all connected to the Internet of Things (IoT), making them vulnerable to potentially lethal cyber attacks.
"If you could hack in, you could kill them," Knowles said.
And although the stakes are higher in a healthcare environment, the threat is also growing in people’s homes, as everything from televisions, to fridges, to safety devices is connected to the internet, giving potential attackers a way in. Although some of these gadgets can seem low-key, the risks may be higher than many consumers think.
“There is a big move with having things like Hive in your house, [which if hacked could] set someone’s house on fire,” Knowles says, noting that vulnerabilities found even in big-brand IoT products like Philips’ Hue lights could put consumers at risk. “I think there are lots of examples where it has been shown there is a threat.”
But where will change come from? Knowles says that although legislation is an option, its development takes “a long time”, and it is manufacturers themselves that need to pay more attention to security from the early stages of product development – especially since the potential of large numbers of hacked IoT devices has been shown off in recent attacks.
“[Dyn] was interesting because of the way they did that, but with the IoT the onus is going to be with the manufacturers of the devices,” she says. “It’s making sure that when they make these devices they are thinking about the security of it.”
The motivation for this shift will ultimately come from consumers, whose eyes are slowly opening to cyber security issues. Knowles does not believe firms will make significant improvements of their own accord while they are still making good money as they are.
“We cannot rely on manufacturers to say, ‘This device is really, really safe,'” she says.
Although customers – and their wallets – will have a role to play in making the IoT more secure, Knowles says it will take more than a personal data breach or a report on a product’s poor security to get their attention. They will have to have “suffered something else”.
“I think what would make them go away [from a certain product, service or manufacturer] is if they had lost money or another impact,” she explains.
But as it continues to expand, the IoT is also making its way into business, and it is unavoidable. Like RSA’s president Amit Yoran, Knowles says the new technology will present security challenges, but it is too important to growth for them to block it out.
“What drives growth is technology, and it brings you risk,” she explains. “Managing it from a business perspective will help you to grow the business. Companies that do that are the ones that will do really well.”