It’s nearly Christmas, and many of us will find smart, Internet-enabled gadgets under the tree. In fact, by year’s end a staggering 27 billion connected consumer devices will have been sold world-wide.1 From doorbells and CCTV cameras to virtual assistants and household appliances, everything is getting smarter and going online. However, the more connected devices or endpoints we have, the greater the risks of cyber-attack.
Cheap smartwatch endangers children
Recently, the AV-TEST Institute revealed how the SMA-WATCH-M2 smartwatch, a product marketed to parents as a child safety device, actually places children at risk. Engineers testing the smartwatch found they could access an unprotected server holding real-time location data, phone numbers, pictures and conversations from more than 5,000 children. The implications are chilling, and yet the smartwatch is still widely available.2
The UK consumer association Which? has called for more stringent rules on the manufacture and sale of smart, connected toys and similar household devices that threaten consumers’ privacy and security. In a recent article, Which? warned, “We’re not just concerned about insecure connected toys. Previous investigations have exposed flaws in a whole range of gadgets, from coffee machines to cameras, and routers to robot vacuum cleaners.”3
Before you buy the latest Bluetooth or WiFi enabled toy this Christmas, we strongly recommend you download the Which? connected toys checklist.
Privacy by design
A legal requirement of GDPR (General Data Protection Regulation) is privacy by design. This means you have to consider data protection issues, risks and potential consequences in advance of everything you do.4 However, many of the software developers and product manufacturers of smart, Internet of Things (IoT) devices simply do not consider security and privacy. Instead, their focus is on how quickly and cheaply they can bring new products to market.
Many so-called smart devices are manufactured with the cheapest components, running old, insecure firmware and software. In the first half of this year, AV vendor Kaspersky identified over 105 million attacks against IoT endpoints. The number of attacks is nine times higher than the year before.5
Smart buildings under attack
Of course, it’s not just consumers who are at risk from connected devices. According to the research and advisory firm Gartner, there will be 5.8 billion enterprise and automotive IoT units installed globally by 2020. Together, building automation and security systems account for 1.54 billion of these devices.6 A recent Kaspersky report found that nearly 40 percent of 40,000 smart buildings it analysed had been victims of a cyber attack. In most cases, the threats came from malware, phishing and ransomware affecting computers that run the building automation and management systems.7
The benefits of IoT
Smart technologies and the adoption of Cloud computing have certainly brought many benefits to the commercial property sector. An Intel smart office building project in Bangalore, India saves $645,000 annually by reducing energy and water usage with a return on investment of under four years.8 Similarly, the adoption of IoT sensors and mobile apps is helping shopping centres and retailers improve the customer experience, reduce costs and increase profitability.9
Be smart about the risks
It is estimated that smart buildings save between 5 percent and 35 percent on energy consumption.10 Smart buildings improve efficiency, reduce maintenance downtime, enable better use of resources, and improve the health and well-being of occupants. Nevertheless, adding numerous Internet connected sensors and other devices to a building’s operational and IT infrastructure will inevitably increase the level of security risk. It’s how you manage the risk that is important.
Plans, precautions and processes
Commercial property owner-operators must realise they need robust cybersecurity plans that go hand-in-hand with any digital transformation effort. Building owner-operators should have an inventory of all devices connecting to the network, from smartphones and printers to IoT sensors. The network should be monitored for unexpected activity or suspicious changes. New devices should be securely configured, default passwords changed and access strictly limited. You can isolate IoT devices within their own local area network (LAN), use strong, complex passwords and encrypt all communications. Finally, firmware upgrades, bug fixes and security patches should be applied promptly when made available.
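As an added illustration (not part of the original article), the inventory, default-password and IoT isolation checks described above could be automated along these lines. The device records, MAC addresses, the IoT subnet and the `audit` function are all constructed assumptions; in practice the observations would come from DHCP leases or switch tables.

```python
import ipaddress

# Constructed sample inventory, keyed by lower-case MAC address.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"name": "lobby-printer", "kind": "it", "default_password_changed": True},
    "aa:bb:cc:00:00:02": {"name": "hvac-sensor-3", "kind": "iot", "default_password_changed": True},
    "aa:bb:cc:00:00:03": {"name": "door-camera-1", "kind": "iot", "default_password_changed": False},
}
# Assumed address range of the isolated IoT LAN.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Constructed observations (MAC, IP), e.g. exported from a DHCP lease table.
OBSERVED = [
    ("AA:BB:CC:00:00:01", "10.10.0.15"),
    ("aa:bb:cc:00:00:02", "10.10.0.77"),  # IoT sensor sitting on the office LAN
    ("aa:bb:cc:00:00:03", "10.20.0.9"),
    ("de:ad:be:ef:00:99", "10.20.0.50"),  # not in the inventory
]

def audit(inventory, observed, iot_segment):
    """Return (mac, finding) pairs for devices that break the policy."""
    findings, seen = [], set()
    for mac, ip in observed:
        mac = mac.lower()  # normalise so case differences do not hide a match
        seen.add(mac)
        entry = inventory.get(mac)
        if entry is None:
            findings.append((mac, "unknown-device"))
            continue
        in_iot = ipaddress.ip_address(ip) in iot_segment
        if entry["kind"] == "iot" and not in_iot:
            findings.append((mac, "iot-outside-segment"))
        if entry["kind"] != "iot" and in_iot:
            findings.append((mac, "non-iot-in-iot-segment"))
        if not entry["default_password_changed"]:
            findings.append((mac, "default-password"))
    # Inventoried devices that never appeared may be offline or removed.
    for mac in sorted(inventory.keys() - seen):
        findings.append((mac, "inventoried-not-seen"))
    return findings

if __name__ == "__main__":
    for mac, finding in audit(INVENTORY, OBSERVED, IOT_SEGMENT):
        print(mac, finding)
```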
Whether it is buying smart, connected toys this Christmas or seeking to reduce the operating costs of a major office building, it pays to do your homework, understand the pros and cons of the technologies available, and keep security at the forefront of your plans.