In our connected world, everything can be hacked

The Internet of Things (IoT) is the network of actual objects that are accessed through the Internet. These objects contain embedded technology that allows them to interact with their external environment, and other objects.

The IoT is connecting new places, such as transportation systems, energy grids, healthcare facilities and suchlike to the Web. However, any object that can connect to the Internet, and can represent itself digitally, can be hacked, or potentially controlled from any location.

The IoT has become a part of everyday life. Think of the proliferation of clever devices – smart grids, smart meters, connected cars, and devices for the home such as lighting and security systems. Although the IoT has vast potential for productivity and convenience, there are massive security implications too. If something can be connected to the Internet, is it only a matter of time before someone will try to hack it. This has been clearly illustrated by the recent hacks of cars, pacemakers, insulin pumps and even a baby monitor.

In the past, the tech industry has too often seen security as an afterthought. Companies rush to launch new devices and open new markets, without properly evaluating security. This leads to attackers exploiting security vulnerabilities in devices, as in the examples I mentioned above.

Unfortunately, the technology industry has a long history of ignoring security in the rush to open new markets, and we may see it happen again with IoT.

In certain cases, the IoT can piggyback on existing security technologies, for example, encryption. With encryption, devices can be authenticated, and then used in conjunction with a virtual private network to protect sensitive data being sent from one device to another.

Companies that design and build any IoT devices should only use secure software development practices to try to minimise exploits and attack surfaces. These OEMs and vendors need to have security practices and protocols in place to update and patch any security used by these devices as and when needed. This will all cost money, but it is a price that needs to be paid to minimise risks. At the end of the day, it is no point being penny wise and pound foolish. Money spent will be well worth the while if it keeps a business’ most sensitive data secure.

There is no doubt that the IoT could be a game changer, and radically alter our lives for the better. However, to make ensure it doesn’t become more of a hindrance than a help security must be built in from the start, giving consideration to each component employed, how it will be used, and what sort of data it will contain. If nothing else, the last few years have shown us the hard way that security must be built in, not thrown on as an afterthought.