The Internet of Things (IoT) & Its Impact on Cybersecurity


How the Internet of Things has Made Life More Interesting but Cybersecurity a Whole Lot More Challenging

The Internet of Things (IoT) has certainly made life more interesting. While customers can do anything from managing their homes remotely to receiving targeted adverts, businesses have been presented with unprecedented opportunities for innovation, diversification, agility and cost optimization. It sounds like a win/win situation with both customers and suppliers deriving significant benefits from this exchange. But, of course, it is never as simple as that. We are now vulnerable in ways we could not have imagined a few years ago.

Although the IoT brings a myriad of benefits, the speed of its adoption and expansion has been unexpected. This means that it has also been largely unplanned and uniform standards are not yet in place. However, although there is no formal IoT standard to be adhered to, and the installation, maintenance and security of devices is often outside the responsibility of the traditional management chain, organizations are not absolved from responsibility for security around the collection, analysis, privacy and management of the data obtained.

One of the key issues around the IoT is that information is collected, communicated, analyzed and processed through automated sensors. It does not require human input. So, while it is providing the benefits of smart technology to organizations, businesses and households, it is also automatically generating a huge amount of specific personal and sensitive data which is accessed by or shared with third parties.

For as long as IoT has been around, cyber criminals have been developing their skill sets and exploiting the vulnerabilities inherent in the technology. The explosive increase in the number of personal Internet-connected devices has brought about an exponential increase in the volume of data. This situation has led to an increased risk of potential data breaches because it has created new pathways for attack and expands the possibilities of the kinds of data that hackers can compromise.

A robust cybersecurity strategy should, therefore, be based on the assumption that when it comes to a cyber breach, it is not a question of if, but when. By 2020 it is estimated that 25% of cyberattacks will target IoT devices, making it important that IoT security is at the core of any data security strategy.

1. Vulnerability Testing

As the uptake of the IoT grows, so has the demand for vulnerability testing. Using automated vulnerability testing tools to explore the infinitesimal possibilities for entry into your system is a good starting point. If correctly scoped these vulnerability tests will provide the intelligence required to implement changes and to target more strategic and in-depth penetration testing.

2. Internet of Things Penetration Testing

Penetration testing brings the skilled human mind to the process of developing, exploring and exploiting potential weaknesses, much in the way that a hacker would. Potential areas of vulnerability are identified and a professional penetration tester should be able to provide you with a remediation strategy. Going one stage further, Red Teaming uses the skills of highly qualified individuals to simulate a real-world attack, designed to assess the suitability of the current security programme and offer remediation advice where appropriate.

3. The Human Element

Although the IoT often does not rely on human involvement, people can play an important part in building a defense or reporting and managing a breach. Improved training, processes and procedures, including the identification of unusual activity and the monitoring of user accounts and passwords together with the removal of untrusted devices, will enhance security as well as an organisation’s ability to anticipate and identify where issues or incidents occur.

4. Breach Notification

An IoT security standard may not be in place yet, but the existing regulations and data security standards require swift notification of data breaches. Having access to a Retained Forensics specialist team to provide professional, pragmatic and strategic support in the event of any type of incident will bring significant value to any Business Continuity strategy.


As IoT becomes ever more embedded into our devices and systems the onus will be on manufacturers to produce devices which are secure by design. True security is unlikely to be fully achievable, however, without regular scheduling of vulnerability and penetration testing.

Post a Comment

0 Comments