IoT, commonly known as the Internet of Things, refers to any gadget or device around the globe connected to the internet. The Internet of Things is making our surroundings more responsive and smarter, integrating the digital and physical universes. We’re in the middle of an IoT gold rush, with tech companies bullish to lure us into getting as many smart devices as possible into our homes, cars, wearables and offices. We have web security cameras to tell us who is at the door; digital assistants like Siri or Alexa come with microphones so they can hear and follow our command to turn the volume down, play songs or set a timer. But the data stored in these devices have a much bigger role to play than to simply make your life easier.
In terms of a bigger role, the data in these smart devices at the end of the day is stored, analyzed and repackaged. The data is further scrutinized, inspected and re-used by companies who want to gain insight into their customer’s behavior and understand their needs. Not every consumer is aware of what information their smart devices are capable of collecting, storing and monetizing.
What Govt is doing to prevent hackers from obtaining personal data
But lately, things are evolving, with consumers and the government becoming more educated and aware of data being collected by various gadgets in our lives. Recently, the UK government came up with its set of rules and guidelines for Internet of Things security that device makers must abide by if they wish to sell their gadgets in the country. The UK government proposal was developed by the Department of Culture, Media and Sport (DCMS) in partnership with the UK’s National Cyber Security Centre (NCSC).
As per Matt Warman, Minister, Digital and Broadband at DCMS, the new law will hold companies producing and selling internet-connected devices responsible and prevent hackers from invading consumers’ privacy. The UK government proposal states that any smart device to be sold in the UK must adhere to the following rules;
- IoT devices manufacturers, at the time of sale, must clearly state the minimum period of time that the gadget will receive security updates, either online or offline.
- All consumer devices connected to the internet must have a unique password that is not resettable to any factory setting
- Manufacturers of IoT consumer devices must provide a public point of contact so consumers can report a vulnerability or breach and it will be taken care of in a timely manner
Currently, IoT devices are shipped with simple, default passwords that in such cases cannot be changed. As per the new rules and regulations, any product that does not fall in line with these rules is likely to be banned from sale in the UK.
Some Common IoT Threats
Any product that can be connected via the Internet is subject to threats. The ubiquity of the Internet, the diversity of connected devices and the growing capacity of network connection make the Internet of Things adaptable and scalable. Part of adopting the IoT, therefore, is expecting what else the technology brings to the environment it is being applied to. With the IoT devices playing a crucial role in digitalization, the fact that we are always prone to vulnerabilities and breaches. Unless we don’t understand and identify the threats over the internet, we won’t be able to take measures to safeguard our smart devices against these threats.
As a consumer of IoT devices or as an organization, we must be aware of the following common IoT threats:
- Privacy leaks
- Denial of Service
How ExcelliMatrix can prevent IoT vulnerabilities
To diminish IoT breaches, smart devices manufacturers need to be updated about future security threats and develop a complete cybersecurity strategy before adopting IoT infrastructure to their organization. For this sole purpose and many more, they can seek the assistance of a dedicated ExcelliMatrixs’ cybersecurity professionals who can deal with security concerns. In case, business leaders wish to take the matter in their own hands, they can start by ensuring all their crucial data is encrypted and that their computer systems are timely audited.
Follow us on Facebook, & LinkedIn or Contact us, 406-646-2102 and get your questions answered.