Scott McKellar is currently a Technical Consultant at Mimecast, where he has been since early 2019. Scott has been working in the technology industry for fifteen years and is passionate about technology and security. Scott enjoys understanding his customers' and prospects' often complex business challenges and aligning them with technology to solve problems and add value. Prior to his role at Mimecast, Scott headed up the technology team for a leading Australian Wi-Fi analytics SaaS and IaaS provider, Discovery Technology (a Data#3 company).
How IoT brings cyber risks into our homes and workplaces
The explosion of smart internet-enabled devices across the commercial and consumer sectors has been nothing short of revolutionary.
IoT devices are becoming powerful tools for businesses and have created a whole new breed of consumer products, but there is a dark side to all this exciting new tech. In the rush to get the latest and greatest IoT products to market, many manufacturers are cutting corners, and unfortunately cybersecurity is often an area that falls off the radar during product development.
Smart home devices open the door to virtual break-ins
Internet-enabled smart TVs, voice-powered digital assistants, fridges, doorbells, garage doors and even locks are quickly becoming commonplace in homes across the country. The majority of these mass-produced consumer devices are manufactured overseas, where manufacturers are under no obligation to follow any cybersecurity standards. They are made as quickly and as cheaply as possible, and as a result, come with outdated software that may be five or six years old, unchangeable default passwords, and barebones security measures, if any.
That leaves these devices open to hacking and introduces a digital backdoor for hackers that leads straight into our homes.
“It’s a wild west... There is no global tick or seal of approval for these devices … or standards like we have for other products sold in this country. We don’t have consumer rights or law to protect buyers. The market is driven entirely by price, not what’s best for Australian citizens.” - Garret O’Hara, Principal Technical Consultant, Mimecast
Commercial and industrial sectors are wrestling with IoT cybersecurity questions
On the industrial and commercial level, IoT devices open up the possibilities of a shared ecosystem and operating model across businesses, supply chains, vendors and third-parties. But the lack of common security standards plagues these sectors as well. Introducing voluntary guidelines is a good first step, but unless mandatory cybersecurity standards are enforced, it’s going to be an ecosystem plagued with security gaps.
We’ve talked about the difficulty of securing supply chains before, and the same challenge extends to IoT networks. Any single vulnerability at any point in the chain can quickly cascade throughout the entire network.
While different industries have come together to create some semblance of a shared code of cybersecurity, there’s still enormous variation not just across industries, but within industries as well. In most large organisations, the approach to cyber risk differs by region, product, or even individual business units. That ‘silo mode’ of operation has been fine until now, but as business functions become more digitally integrated, many companies are exploring strategies like establishing Security Zones to manage the risk. Deploying loosely coupled systems can help ensure that the failure of a single device doesn’t lead to widespread failure. But these are band-aid solutions. The long-term solution will come from policy and regulation considerations, not just the technology.
As with any endeavour, the costs and risks of IoT networking need to be weighed against the benefits, and the benefits of interconnected IoT networks are massive. Industry bodies and organisations are coming together to create some universal security standards for their sectors, and the hope is that with or without government regulation, companies will choose to follow those standards voluntarily because it makes doing business easier, more convenient and more secure.