The connection conundrum amid the Internet of Things – Technologist
Being Asia’s leading smart city and among the top worldwide, Singapore has harnessed the Internet of Things (IoT) in a wide array of ways, utilising its potential throughout different sectors. From governance and transportation to healthcare and housing, IoT technologies have been embraced to aid with nationwide innovation and efficiency.
In brief, IoT refers to the network of physical objects– “things”– that connect and share data with the internet, other IoT devices and the cloud. IoT devices are often embedded with sensors, software, and other technologies to exchange data with other devices and systems when connected to the internet.
IoT’s importance to Singapore has only grown in stature, enabling its IoT market to generate US$5.47 billion in 2022. For organisations and individuals, IoT devices are equally as important as they can improve productivity and make our lives easier. For organisations of all industries, IoT devices can collect data and give them insight into what they should be doing to be more efficient, save costs and generate revenue. These devices communicate with one another and work together to gather information that can be useful for future events.
While IoT provides many great benefits, security risks associated with IoT need to be addressed. Therein lies the connection conundrum: how can one stay safe while harnessing the benefits of the IoT?
Understanding the security risks of the IoT
There are a number of security risks the IoT is associated with. First off, there is weak authentication. Login credentials are an IoT device’s first line of defence against hackers. If the passwords for IoT devices and connected accounts aren’t strong, it means there’s at a greater risk of being hacked and misused for malicious purposes. While most IoT devices come with default passwords, some IoT devices don’t require authentication at all, which presents a major security risk to the data being processed and the network it’s connected to.
Next, the lack of encryption is another security risk. Encryption is when data is turned from a readable format to an unreadable format known as cipher text, where it prevents anyone but an authorised person or system from being able to view, read or alter the encrypted data. When data is encrypted, it remains so until an authorised individual or system uses the encryption key (usually a password) to decrypt the data. Encryption is what keeps sensitive data safe from unauthorised individuals. When IoT devices fail to encrypt the data, they process and store, it places that data at risk of falling into the hands of cybercriminals.
Software updates are oftentimes pushed back due to their inconvenience and downtime, but they are important in patching security flaws and adding new security features. There is a risk when software is not updated immediately, as it opens a backdoor for cybercriminals to inject malware into IoT devices due to lapses in cybersecurity. If malware were to infect just one of IoT devices, it could also infect any others connected within the same network.
IoT devices have also raised privacy concerns due to the amount of data gathered and the potential for bad actors utilising them to spy on people in their own offices and homes. Back in 2023, Amazon faced a US$5.8 million settlement because an Amazon Ring employee was able to view thousands of videos from at least 81 different female users. This was just one of many Amazon Ring employees who were extensively viewing customer footage without consent.
Lastly, there’s an attack surface, which refers to all the possible entry points where cybercriminals can access and hack into a system to steal data. When an attack surface is small, it’s easier to manage and protect. The more IoT devices someone has, the greater their attack surface becomes, because of the increased number of access points and amount of information being shared between those devices. When an attack surface becomes large, the potential for a cybercriminal to steal sensitive information increases.
Securing IoT devices from cyber threats
Most IoT devices come with default passwords — which it’s highly recommended to change. Passwords should be changed to be strong and unique to prevent IoT devices from being hacked. A password generator can be used when creating your passwords to ensure they always follow password best practices, further enhancing security. A password manager can be used to securely store passwords that can be easily forgotten.
Enabling Multi-Factor Authentication (MFA) is another security measure to be taken for most accounts and applications. Instead of only having to enter a username and password, users would also have to provide another form of authentication when MFA is enabled. This prevents unauthorised individuals from being able to access the account since they won’t be able to authenticate the owner’s identity.
Oftentimes, IoT devices come with additional features and services that might not be necessary. If this is the case, disabling features that won’t be in use helps to reduce a device’s attack surface — thus lowering the chance of cyber threats.
Keeping an IoT device’s software and firmware up to date aids in preventing cybercriminals from being able to exploit known vulnerabilities. Thankfully, most devices and applications let users enable automatic updates, so there’s no worry about manually updating a device’s software. Automatic updates can be enabled by going to a device’s settings on its associated application.
Prioritising security alongside innovation
Undoubtedly, IoT devices are extremely useful on industrial, organisational, and personal levels — making the lives of everyone a whole lot easier through increased productivity and efficiency.
Managing and maintaining these widespread devices poses a significant challenge in Singapore’s IoT landscape, given the vast quantity of devices requiring constant monitoring, upkeep, and regular updates. As IoT technology continues to gain traction, the task of managing these devices becomes increasingly intricate and extensive.
Adopting proactive measures such as robust encryption, regular software updates, and network segmentation, individuals and organisations can navigate the “connection conundrum” and harness the transformative potential of the IoT while minimising the associated risks.
By prioritising security alongside innovation, we can fully embrace the benefits of the IoT without compromising our safety.