ILMA Compoundings – October 2019 - 40

BUSINESS HUB

Internet of Things
By Bryce Austin

M

any of the products we
purchase today are not just
products. Twenty years ago,
if you went into a store and bought
a thermostat, you got exactly that: a
thermostat. It controlled your heat and/
or air conditioning and had no ability
to do anything else. It wasn't a concern
beyond its ability to accurately run
your heating or cooling system.
Today, a thermostat is not just
a thermostat. It's a computer that
happens to be hooked up to temperature sensors and is programmed to
control a furnace and air conditioner.
Computers can be reprogrammed
to do other things. Computers need
to be protected from criminals who
would try to make them do what the
criminal wants rather than what you
want. The internet-connected thermostat, television, security camera, coffee
maker, lightbulb, juicer, refrigerator,
washing machine and other devices
are now all computers. They all have
the potential to be attacked, just like
your desktop or laptop.
Given the potential damage that
these devices can do, the definition of
an internet-of-things (IoT) device is
important to understand. Differences
of opinion exist on this, so I'm going
to focus on the ones that meet the
following criteria. For a device to be
considered an IoT device, three conditions must be met. An IoT device must:
1. Have a computer as its "brain."
By definition, almost anything
with the ability to communicate
with other computers is also a
computer.
2. Be connected to the internet. If
you hook it up to a networking

40

OCTOBER 2019

| COMPOUNDINGS | ILMA.ORG

cable or connect it to a Wi-Fi
network, and that network can
see external websites like Google,
then this condition applies.
3. Be capable of receiving data. If a
device can only send information
and has been set up to be incapable of receiving it, then it cannot
be remotely controlled.
So, what are some of the ways
IoT devices can be used against your
organization?
1. They can be used as an entry
point into your network. Without good network segmentation
and good firewall rules, a hacked
IoT device can be used as a
means for a hacker to probe your
network for vulnerabilities.
2. IoT devices might be giving away
sensitive data, network passwords
or even your critical intellectual
property without you knowing
about it. Some of these devices
are so poorly designed that they
are broadcasting the "keys to your
technology kingdom," such as
your Wi-Fi password.
What are your company's chances
of being targeted? According to a
Gartner forecast, 8.4 billion connected things were expected to be in
use worldwide in 2017 - an increase
of 31% from 2016. While consumers
are the largest group of IoT users,
representing 63% of overall IoT
applications as of 2017, businesses
were expected to employ 3.1 billion
connected things that year. 
So, what steps can your company
take to secure your IoT devices?

1. Segregate these devices onto their
own section of your network.
2. Avoid IoT devices that collect
sensitive data. This list is larger
than you might think. Most
smart thermostats have motion
sensors and know when there are
people in your office and when
there aren't. Criminals would like
to know that, too.
3. Make sure IoT devices provide
a genuine business value before
allowing them into your environment. A casino in North America
was recently hacked through its
IoT-connected fish tank. Do you
think that casino really needed an
IoT aquarium?
Look for IoT devices that have
been made with a cybersecurity
framework in mind, such
as the IIConsortium
(www.iiconsortium.org) or Z-Wave
(products.z-wavealliance.org).
Austin is the CEO of TCE
Strategy, an internationally
recognized speaker on emerging
technology and cybersecurity
issues, and author of Secure Enough? 20
Questions on Cybersecurity for Business
Owners and Executives. With over 10 years of
experience as a chief information officer and chief
information security officer, Austin actively advises
companies across a wide variety of industries on
effective methods to mitigate cyberthreats. For
more information, visit www.tcestrategy.com.
Adapted from an excerpt in
Austin's book, Secure Enough? 20
Questions on Cybersecurity for
Business Owners and Executives.
http://www.iiconsortium.org http://products.z-wavealliance.org http://www.tcestrategy.com http://www.ILMA.ORG
ILMA Compoundings – October 2019

Table of Contents for the Digital Edition of ILMA Compoundings – October 2019
