Story image

Need to know: The dark side of the IoT and how to protect your business

14 Dec 16

In 2016, the Internet of Things (IoT) was undoubtedly one of the hottest talking points. With digitisation rife amongst modern businesses, it’s become almost a given to be purchasing products that are IoT-enabled.

According to Aura Information Security principal consultant/cyber evangelist Paul W. Poteete, the term ‘IoT-enabled products’ essentially covers any non-traditional device that connects to the Internet. This includes any device that has internal logic that allows a person to change settings or read information about those settings via the Internet, like smart fridges, smoke alarms and thermostats.

However, Poteete says that what they don’t tell you is how these products and devices can be used to commit organised crime, hack into your business (and personal) life, and potentially put you or your business in a very difficult spot - as every IoT device is essentially an access point for malicious intruders.

“For the most part, people underestimate the breadth of hacking that takes place in New Zealand,” Poteete says. “There are hundreds of NZ websites that I have encountered that have been hacked by everyone from lone hackers up to terrorist organisations.”

Poteete affirms that cyber security in New Zealand is often inappropriately addressed, largely because no one actually understands what it entails.

“Individuals were formerly concerned that a hacker would hack a webcam, but now it may be possible to hack a home's HVAC, medical devices, kitchen appliances, utility meters, smoke alarms, or baby monitors,” Poteete says. “The IoT opens the world of cyber threats directly into your living room and beyond.”

While it can be difficult to prevent these attacks, Poteete says it is also hard to actually determine that you’ve been hacked. Some of the more common signs include email phishing attacks that use information gained from IoT devices, IoT settings changing, unexplained usage reports from utility companies, or suspicious deliveries related to IoT automated requests.

So what can we do to protect ourselves? We asked Poteete for his top tips.

I’ve been hacked, what should I do?

“First of all, don’t panic. If you feel that you have been attacked, take a moment to verify that your system has actually been hacked, disconnect the device from the network (wireless, bluetooth, wired, et cetera), change your passwords for your network router, wireless access point, and the passwords or wireless keys on the IoT devices from a known safe computer.

“In regions that allow criminal prosecution for cyber attacks, report the attack to the police as soon as you identify the violation. In New Zealand, a great place to start is "the Orb" or the local police department can help you. In cases of a business violation, contact your information security partner for assistance.”

How can I prevent future attacks?

“Any system can be hacked by a malicious attacker, and in reality, it is often our own mistakes that cause the biggest problems.

“If I had to leave a note regarding the best way to prevent hackers from accessing your personal or business information, I would recommend that effort is made to keep track of what devices are installed in your home and office, what important information that these devices can access, what protective measures have been implemented to protect that information, if the information has adequate backups, and what monitoring is available to track potential intrusions.”

Poteete says that as organisations grow in their understanding of cyber security processes and threats, they will be better able to address the associated risks with confidence.

To help you stay one step ahead of the criminals, Aura Information Security is hosting 31c0n in February 2017, a cyber security conference with a wide range of international cyber experts speaking on various aspects of cyber security.

Click here to find out more.

2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
InternetNZ welcomes Govt's 99.8% broadband coverage plan
The additional coverage will roll out over the next four years as part of the Rural Broadband Initiative phase two/Mobile Black Spots Fund (RBI2/MBSF) programme expansion.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Businesses in APAC are ahead of the global digital transformation game
“And it’s more about people and culture - about change management - along with investing in the technology.”
HubSpot announces fund for 'customer first' startups
HubSpot is pouring US$30 million (NZ$40 million) into a new fund to support startups that demonstrate ‘customer first’ approach of not only growing bigger, but growing better.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
LearnCoach closes $1.5m seed round
The tutorials are designed for students who want to learn NCEA subjects but can’t make it to a physical classroom.