The Internet of Things: A Revolution That Comes with Risks
By: Laurent Carlier, ASC, CRMA, CISA, CISSP, CRP, Senior Manager, Risk, Performance and Technology Services
The Internet of Things is a sector that is sure to see enviable growth in the years to come. Various studies predict that, in 2020, the world will have more than 21 billion connected devices, compared to 4 billion today, and that this market will represent $1.3 trillion in 2019. One thing is certain: the Internet of Things is a strong and growing trend in our societies.
From a dream…
The growing number of smart devices has enormous potential. Imagine the following scenarios…
You are at the wheel of a self-driving car. The vehicle is connected to your city’s traffic management system and automatically adjusts its speed and itinerary to optimize fuel consumption, reduce the number of stops and avoid traffic congestion.
After your heart attack, you received a pacemaker with Internet connection. You have instant access to all performance data for the device, as well as your health information, on your mobile phone. Your doctor can even check the device’s read-out and diagnose any situation that is a cause for concern without having to leave the office.
Your heating system adjusts automatically according to the weather forecast or as family members make their way home. There is no more need to program the thermostats since the radiators turn on by themselves as you come home.
… to a nightmare
Yet, some major security risks lurk behind these exciting possibilities. Just think of the following scenarios…
All of a sudden, you lose control of your car. A hacker is now controlling the accelerator, the brakes and the steering wheel and has locked the doors; you have no idea what this person’s intentions might be.
You get a message from the computer system that manages your pacemaker settings. The message is from a hacker, who has commandeered the device and is threatening to jam it if you do not pay a ransom within 12 hours.
All of the lights and electrical appliances in your home turn off. As you look out the window, you see that your entire neighbourhood has been plunged into darkness. Is there a power failure? No, worse: a hacker has just taken control of all smart meters in the city…
The dangers are real
These scenarios are based on attacks that were devised by groups of cyber security researchers. These are real dangers that show how connected devices are vulnerable to attack.
Security issues are rarely taken into account when new electronic devices are designed. Ensuring adequate protection can be very costly for companies and the regulations only very rarely require such measures.
Connected devices are more difficult to update with security patches than PCs or computer servers. Installing antivirus or other security software is also a complex matter.
Connected devices (smart meters, self-driving cars, automatic locks, etc.) can also have a much longer life than a PC or a smart phone, which will be replaced after a few years. This means that their vulnerabilities can exist for a long time until a hacker decides to exploit them.
How to protect yourself from attack?
There are ways for consumers and companies to protect themselves from attack, although they are limited. Among other things, you should:
- Obtain information on connected devices before buying them and avoid devices that have had security breaches;
- Purchase connected devices whose vulnerabilities can be corrected and always download the latest updates before connecting the device;
- Change the default passwords provided with the device and choose complex passwords.
It is up to governments to act!
It is up to regulators to act in order to protect society from the threats that can come with these devices. There are many potential solutions: adopt security standards, force designers to include security when developing new products and test devices for vulnerabilities at the prototype stage.
The Internet of Things is bringing about a real revolution that will not be stopped by security issues. However, as consumers, employees and business leaders, we cannot give free rein to hackers.
This article was originally published in Action Canada-France.
About Richter : Founded in Montreal in 1926, Richter is a licensed public accounting firm that provides assurance, tax and wealth management services, as well as financial advisory services in the areas of organizational restructuring and insolvency, business valuation, corporate finance, litigation support, and forensic accounting. Our commitment to excellence, our in-depth understanding of financial issues and our practical problem-solving methods have positioned us as one of the most important independent accounting, organizational advisory and consulting firms in the country. Richter has offices in both Toronto and Montreal. Follow us on LinkedIn, Facebook, and Twitter.