Cyber risks for an Internet of Things enabled world
Internet of Things (IoT) is a phrase which seems to be cropping up more and more in conversation these days, quite the hot topic - and often when it does, I find it’s accompanied by looks of confusion.
The Big Data Bang
‘The big data bang’ is another phrase that describes the sudden appearance of devices that are connected to the internet, as if it happened overnight. There are now internet-enabled devices within healthcare, infrastructure, transportation, industrial systems for automation and of course the consumer world of wearables. These devices are all creating an ecosystem of valuable information. But what is making the IoT different from the conventional Internet? Firstly, people. The IoT doesn’t rely on intervention from humans to function. With the IoT, sensors collect, communicate, analyze, and act on information, offering new ways for technology, media and telecommunications businesses to create value—whether that’s creating entirely new businesses and revenue streams or delivering a more efficient experience for consumers.
The wealth of data being collected in real world applications is revolutionary for creating better opportunities. But it also creates new ways for that information to be compromised. Take the smart home as an illustrative example. Imagine a garage door opener with the added functionality to deactivate the home alarm upon entry. This is a convenient feature for a homeowner entering their home in a hurry. However, now the entire alarm system could potentially be deactivated when only the garage door system is compromised. The broad range of connectable home devices—TVs, home thermostats, door locks, home alarms, smart home hubs, garage door systems, to name a few—creates a myriad of connection points for hackers to gain entry into IoT ecosystems, access customer information, or even penetrate manufacturers’ back-end systems.
In 2016, a cyber-attack known as the “Mirai botnet” affected millions of IoT devices. The devices were used to overload domain name system (DNS) provider Dyn with a distributed denial-of-service (DDoS) attack. This knocked out major websites including Netflix, Spotify, Etsy and Twitter, and experts say it was the largest of its kind in history.
The Big Data Bang grew so quickly, and has been implemented in such unconventional objects, that security protections have not been able to keep up with its monumental rise. With the technology moving so fast, there have been limited governmental and industry-led regulations to ensure more robust security protections are in place to thwart cyber threats.
However, BSI has been keeping close watch on the status of the IoT technological rise. We’ve created an inclusive community to tackle this challenge and accelerate adoption. Through this, we’re able to offer best practice and standards for adoption by IoT-enabled device manufacturers and retailers to better protect data from being compromised, such as:
BS ISO/IEC 19944:2017 This standard will help cloud service providers produce clear statements telling device users where their data is flowing, where it’s being processed and why.
BS ISO/IEC 27039:2015 This standard can help by providing an analysis of host and network traffic and/or audit trails for attack signatures or specific patterns that usually indicate malicious or suspicious intent.
BS ISO/IEC 27035-1:2016 Presents basic concepts and phases of information security incident management and how to improve incident management within information technology security techniques.
These standards, along with many more information technology and cyber security standards, are available through British Standards Online (BSOL). BSOL is a cost-effective and easy solution to incorporate standards in order for you to deliver high quality products whilst improving your brand reputation and generating greater revenue.