ng-nz logo
Story image

Need to know: The dark side of the IoT and how to protect your business

14 Dec 2016

In 2016, the Internet of Things (IoT) was undoubtedly one of the hottest talking points. With digitisation rife amongst modern businesses, it’s become almost a given to be purchasing products that are IoT-enabled.

According to Aura Information Security principal consultant/cyber evangelist Paul W. Poteete, the term ‘IoT-enabled products’ essentially covers any non-traditional device that connects to the Internet. This includes any device that has internal logic that allows a person to change settings or read information about those settings via the Internet, like smart fridges, smoke alarms and thermostats.

However, Poteete says that what they don’t tell you is how these products and devices can be used to commit organised crime, hack into your business (and personal) life, and potentially put you or your business in a very difficult spot - as every IoT device is essentially an access point for malicious intruders.

“For the most part, people underestimate the breadth of hacking that takes place in New Zealand,” Poteete says. “There are hundreds of NZ websites that I have encountered that have been hacked by everyone from lone hackers up to terrorist organisations.”

Poteete affirms that cyber security in New Zealand is often inappropriately addressed, largely because no one actually understands what it entails.

“Individuals were formerly concerned that a hacker would hack a webcam, but now it may be possible to hack a home's HVAC, medical devices, kitchen appliances, utility meters, smoke alarms, or baby monitors,” Poteete says. “The IoT opens the world of cyber threats directly into your living room and beyond.”

While it can be difficult to prevent these attacks, Poteete says it is also hard to actually determine that you’ve been hacked. Some of the more common signs include email phishing attacks that use information gained from IoT devices, IoT settings changing, unexplained usage reports from utility companies, or suspicious deliveries related to IoT automated requests.

So what can we do to protect ourselves? We asked Poteete for his top tips.

I’ve been hacked, what should I do?

“First of all, don’t panic. If you feel that you have been attacked, take a moment to verify that your system has actually been hacked, disconnect the device from the network (wireless, bluetooth, wired, et cetera), change your passwords for your network router, wireless access point, and the passwords or wireless keys on the IoT devices from a known safe computer.

“In regions that allow criminal prosecution for cyber attacks, report the attack to the police as soon as you identify the violation. In New Zealand, a great place to start is "the Orb" or the local police department can help you. In cases of a business violation, contact your information security partner for assistance.”

How can I prevent future attacks?

“Any system can be hacked by a malicious attacker, and in reality, it is often our own mistakes that cause the biggest problems.

“If I had to leave a note regarding the best way to prevent hackers from accessing your personal or business information, I would recommend that effort is made to keep track of what devices are installed in your home and office, what important information that these devices can access, what protective measures have been implemented to protect that information, if the information has adequate backups, and what monitoring is available to track potential intrusions.”

Poteete says that as organisations grow in their understanding of cyber security processes and threats, they will be better able to address the associated risks with confidence.

To help you stay one step ahead of the criminals, Aura Information Security is hosting 31c0n in February 2017, a cyber security conference with a wide range of international cyber experts speaking on various aspects of cyber security.

Click here to find out more.

Story image
Apple's new watchOS 7 features handwashing detection, new watch faces
“watchOS 7 brings sleep tracking, automatic handwashing detection, and new workout types together with a whole new way to discover and use watch faces, helping our users stay healthy, active, and connected.”More
Story image
Kiwi game developers move forward with indigenous gaming platform Katuku Island
“We created Katuku Island to bring cultural literacy to a technological platform that uses Maori Toi graphics, sounds, characters, tribal tattoo and indigenous challenges. As an indigenous researcher and business owner, I wanted to make a difference.”More
Story image
Dropbox adds new features for people working from home
“We’re working quickly to provide new features to help people stay better organised in all aspects of their lives so they can focus on what really matters - like health and family.”More
Story image
2degrees unveils new infrastructure sharing agreement, passes $1b milestone
The company has revealed it has invested $1 billion into its network infrastructure, and has expanded on its venture with Spark and Vodafone to connect the country's rural areas.More
Story image
Research trials new way to stop voice spoofers in their tracks
“Voice spoofing attacks can be used to make purchases using a victim’s credit card details, control Internet of Things connected devices like smart appliances and give hackers unsolicited access to personal consumer data."More
Story image
Time to take responsibility: E-waste - a global crisis
e-Waste is the world’s fastest-growing domestic waste stream, fueled by consumption rates of equipment, short life cycles, and few options for repair.More