SecurityBrief New Zealand logo
Story image

Need to know: The dark side of the IoT and how to protect your business

14 Dec 2016

In 2016, the Internet of Things (IoT) was undoubtedly one of the hottest talking points. With digitisation rife amongst modern businesses, it’s become almost a given to be purchasing products that are IoT-enabled.

According to Aura Information Security principal consultant/cyber evangelist Paul W. Poteete, the term ‘IoT-enabled products’ essentially covers any non-traditional device that connects to the Internet. This includes any device that has internal logic that allows a person to change settings or read information about those settings via the Internet, like smart fridges, smoke alarms and thermostats.

However, Poteete says that what they don’t tell you is how these products and devices can be used to commit organised crime, hack into your business (and personal) life, and potentially put you or your business in a very difficult spot - as every IoT device is essentially an access point for malicious intruders.

“For the most part, people underestimate the breadth of hacking that takes place in New Zealand,” Poteete says. “There are hundreds of NZ websites that I have encountered that have been hacked by everyone from lone hackers up to terrorist organisations.”

Poteete affirms that cyber security in New Zealand is often inappropriately addressed, largely because no one actually understands what it entails.

“Individuals were formerly concerned that a hacker would hack a webcam, but now it may be possible to hack a home's HVAC, medical devices, kitchen appliances, utility meters, smoke alarms, or baby monitors,” Poteete says. “The IoT opens the world of cyber threats directly into your living room and beyond.”

While it can be difficult to prevent these attacks, Poteete says it is also hard to actually determine that you’ve been hacked. Some of the more common signs include email phishing attacks that use information gained from IoT devices, IoT settings changing, unexplained usage reports from utility companies, or suspicious deliveries related to IoT automated requests.

So what can we do to protect ourselves? We asked Poteete for his top tips.

I’ve been hacked, what should I do?

“First of all, don’t panic. If you feel that you have been attacked, take a moment to verify that your system has actually been hacked, disconnect the device from the network (wireless, bluetooth, wired, et cetera), change your passwords for your network router, wireless access point, and the passwords or wireless keys on the IoT devices from a known safe computer.

“In regions that allow criminal prosecution for cyber attacks, report the attack to the police as soon as you identify the violation. In New Zealand, a great place to start is "the Orb" or the local police department can help you. In cases of a business violation, contact your information security partner for assistance.”

How can I prevent future attacks?

“Any system can be hacked by a malicious attacker, and in reality, it is often our own mistakes that cause the biggest problems.

“If I had to leave a note regarding the best way to prevent hackers from accessing your personal or business information, I would recommend that effort is made to keep track of what devices are installed in your home and office, what important information that these devices can access, what protective measures have been implemented to protect that information, if the information has adequate backups, and what monitoring is available to track potential intrusions.”

Poteete says that as organisations grow in their understanding of cyber security processes and threats, they will be better able to address the associated risks with confidence.

To help you stay one step ahead of the criminals, Aura Information Security is hosting 31c0n in February 2017, a cyber security conference with a wide range of international cyber experts speaking on various aspects of cyber security.

Click here to find out more.
Story image
Why organisations should rethink the approach to retail demand planning and forecasting
Why organisations should rethink the approach to retail demand planning and forecastingMore
Story image
Fortinet: Hyperscaling networks? Hyperscale your security!
Jon McGettigan, Fortinet A/NZ Regional Director, explains why a broad, integrated and automated security fabric is the most effective strategy to protect users, apps and data in a hyperscaling environment.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
Egnyte ensures greater security across Microsoft 365 with latest integrations
The new integrations are aimed at helping mid-sized organisations prevent data loss, address a growing number of regional privacy regulations, and simplify the overall management of content with minimal administrative overhead.More
Story image
Dell Technologies unveils new data protection innovations for hybrid cloud workloads
The Dell EMC PowerProtect Backup Service, powered by Druva, is designed to deliver SaaS app protection without increasing IT complexity.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More