Story image

Need to know: The dark side of the IoT and how to protect your business

14 Dec 16

In 2016, the Internet of Things (IoT) was undoubtedly one of the hottest talking points. With digitisation rife amongst modern businesses, it’s become almost a given to be purchasing products that are IoT-enabled.

According to Aura Information Security principal consultant/cyber evangelist Paul W. Poteete, the term ‘IoT-enabled products’ essentially covers any non-traditional device that connects to the Internet. This includes any device that has internal logic that allows a person to change settings or read information about those settings via the Internet, like smart fridges, smoke alarms and thermostats.

However, Poteete says that what they don’t tell you is how these products and devices can be used to commit organised crime, hack into your business (and personal) life, and potentially put you or your business in a very difficult spot - as every IoT device is essentially an access point for malicious intruders.

“For the most part, people underestimate the breadth of hacking that takes place in New Zealand,” Poteete says. “There are hundreds of NZ websites that I have encountered that have been hacked by everyone from lone hackers up to terrorist organisations.”

Poteete affirms that cyber security in New Zealand is often inappropriately addressed, largely because no one actually understands what it entails.

“Individuals were formerly concerned that a hacker would hack a webcam, but now it may be possible to hack a home's HVAC, medical devices, kitchen appliances, utility meters, smoke alarms, or baby monitors,” Poteete says. “The IoT opens the world of cyber threats directly into your living room and beyond.”

While it can be difficult to prevent these attacks, Poteete says it is also hard to actually determine that you’ve been hacked. Some of the more common signs include email phishing attacks that use information gained from IoT devices, IoT settings changing, unexplained usage reports from utility companies, or suspicious deliveries related to IoT automated requests.

So what can we do to protect ourselves? We asked Poteete for his top tips.

I’ve been hacked, what should I do?

“First of all, don’t panic. If you feel that you have been attacked, take a moment to verify that your system has actually been hacked, disconnect the device from the network (wireless, bluetooth, wired, et cetera), change your passwords for your network router, wireless access point, and the passwords or wireless keys on the IoT devices from a known safe computer.

“In regions that allow criminal prosecution for cyber attacks, report the attack to the police as soon as you identify the violation. In New Zealand, a great place to start is "the Orb" or the local police department can help you. In cases of a business violation, contact your information security partner for assistance.”

How can I prevent future attacks?

“Any system can be hacked by a malicious attacker, and in reality, it is often our own mistakes that cause the biggest problems.

“If I had to leave a note regarding the best way to prevent hackers from accessing your personal or business information, I would recommend that effort is made to keep track of what devices are installed in your home and office, what important information that these devices can access, what protective measures have been implemented to protect that information, if the information has adequate backups, and what monitoring is available to track potential intrusions.”

Poteete says that as organisations grow in their understanding of cyber security processes and threats, they will be better able to address the associated risks with confidence.

To help you stay one step ahead of the criminals, Aura Information Security is hosting 31c0n in February 2017, a cyber security conference with a wide range of international cyber experts speaking on various aspects of cyber security.

Click here to find out more.

Accenture 'largest Oracle Cloud integrator in A/NZ'
Accenture has bought out Oracle Software-as-a-Service provider PrimeQ, which now makes Accenture the largest Oracle Cloud systems integrator in Australia and New Zealand.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.