Internet of Things (IoT) is transforming the way we live and transact as a society. With the number of connected devices proliferating, cyber threats will increase as cybercriminals have a lucrative target. Gordon Love, Vice President, EMEA Emerging Region, Symantec tells The Integrator what precautions businesses and end-users can take with these smart devices.
Q1. How will Internet of Things transform the way we live?
A1. Internet of Things (IoT) has already transformed the way we live today and will continue to do so as we adopt more and more internet-connected devices. While new IoT devices can bring great benefits to our everyday lives, they also have the potential to become serious security risks and can be an easy and lucrative target for cybercriminals. Whether through fitness trackers and routers to home security systems, smart TVs and baby cameras, cybercriminals are starting to pay attention and threats are on the rise.
Cybercriminals are interested in cheap bandwidth to enable bigger attacks. They obtain this by hijacking our devices and stitching together a larger web of consumer devices that are easy to infect because they lack sophisticated security. All they need to do is pre-program their malware with commonly used and default passwords, allowing them to easily hijack device passwords.
As we see more and more consumer devices being hijacked because they are connected to the internet and their default device passwords have not been changed, a bigger emphasis on securing these devices is needed. According to Symantec’s Internet Security Threat Report published earlier this year, IoT devices continue to be ripe targets for exploitation. Symantec found a 600 percent increase in overall IoT attacks in 2017, which means that cyber criminals can exploit the connected nature of these devices.
Q2. There is a proliferation in the number of smart devices across the globe, including smart homes, increasing the surface and vulnerability to cyber-attacks. What security hygiene must be followed to mitigate these threats?
A 2. Security varies a lot with different smart devices, so it is difficult to give generic advice to users. It is important that users remain vigilant when installing smart home devices and make sure that the device configuration settings are understood.
Here are a few points to consider when installing smart devices, which can also be used for home as well:
• Use strong and unique passwords for device accounts and Wi-Fi networks
• Change default passwords
• Use a stronger encryption method when setting up Wi-Fi networks, such as WPA2
• Disable or protect remote access to IoT devices when not needed
• Use wired connections instead of wireless, where possible
• Use devices on a separate home network, when possible
• Be careful when buying used IoT devices, as they may have been tampered with
• Research the vendor’s device security measures
• Modify the privacy and security settings of the device to your needs
• Disable features that aren’t needed
• Install updates when they become available
• Ensure that an outage, for example due to jamming or a network failure, does not result in an unsecure state of installation
• Verify if smart features are really required or if a normal device would be sufficient
Q3. What is ambient security and how does it help secure IoT?
A3. An ecosystem of devices, which we call “ambient computing”, offers a theoretical hope that we can change the game of security for IoT, and move closer to the long-term goal of absolute cyber security in the Internet of Things era.
This is how this work. Imagine if your device was connected to a cloud-based service that delivered “always on” security? What’s more, the device wouldn’t be able to connect to anything except through that particular security service, which would offer full protection against any imaginable cyber-attacks cooked up by the bad guys.
This isn’t fantasy. We already do something similar for laptops, smartphones, and tablets with “firewall as a service” offerings. Many enterprises also use cloud-based services with global deployments of security hardware so that wherever they connect, employees are connecting through these security sites.
Some may be connecting over an untrusted local connection but that’s why those services set up a “personal” crypto connection, thus eliminating the need to trust a particular local network. What’s more, everything is encrypted from the device to a secure site, which deploys security hardware to protect users from potential attack.
Of course, firewalls aren’t enough. That’s why such services need full proxies and careful “key management.” That allows the security hardware to even defend against attacks tunneling through encrypted web connections. Fortunately, this exists today in commercial services like Symantec’s Web Security Service (WSS).
Q4. What can be done to ensure a strong and secure foundation for urban futurism?
A4. Today, and into the future, the Internet of Things (IoT) will continue to see humanity take a new foundation (the Internet) and use it to build things that fundamentally change the way we live our lives.
It is difficult not to get excited about self-driving cars that learn from each other, connected homes that allow us to remotely monitor and control our personal spaces and smart meters that have a profound impact on a nation’s energy consumption. But, there are likely to be unintended consequences to all of these ideas that technologists (even the really clever ones) are likely to miss given the current drive for innovation that is being encouraged by both the private and the public sector.
At Symantec, our primary concerns with regard to urban futurism have to do with personal privacy, trust and the security of systems and information. Interestingly (and with a few exceptions) a great number of the technologies needed to facilitate a trust-worthy and secure IoT already exist. Now, a great deal of work needs to be done to push this forward and to create working frameworks within which we can all operate and collaborate to create useful and trustworthy solutions that