sb-au logo
Story image

Growing IoT adoption putting Australians at risk of cyber attacks

22 May 2018

IoT adoption in the Australian consumer market has grown 55% in the last year, bringing the total market worth to $583 million, according to a recent Telsyte Australian IoT@Home Market Study 2018.

But that increased adoption is putting Australians at increased risk of cyber attacks – and security is still often an afterthought for the manufacturers who make the devices.

Sense of Security CTO Jason Edelstein says manufacturers are pushing connected devices to the market in such a rush that the lack of security is putting Australians’ information at risk.

Telsyte’s research found that the average Australian household has 17.1 connected devices in 2018 and is forecast to reach 37 by 2022 – a total of 381 million connected devices across the country.

According to Edelstein, it’s not just households at risk – particularly as a range of commercial industries adopt IoT technologies.

“Due to the increased efficiencies and convenience IoT provides, it is permeating many industries, ranging from healthcare to retail. It could be an employee bringing in an unsecure IoT device and connecting it to the network. It could be a connected air-conditioning unit in the office. Or, worse, it could be a connected healthcare device that enables doctors to monitor a patient's condition remotely,” he says.

Edelstein notes that hackers have successfully broken into pacemakers, baby monitors, share bikes, and even a casino aquarium. Any device can become a gateway for hackers.

“What we find to be the most common vulnerabilities are software defects, bugs and logic flaws. This clearly shows we are rushing devices to market with little thought to how we protect the users. ”

“To address the security flaws, it is important we start bringing a cybersecurity mindset into the planning and design phase, particularly as more products continue to be connected to the internet.”

He also believes that organisations should continuously use penetration tests and application security reviews to monitor the security of new products.

However, organisations can often miss devices that would generally not be considered threats because IoT is so pervasive.

“There’s already been reports of connected vending machines or air conditioning units being used as back doors into the business network,” Edelstein says.

“For this, Red Teaming, the process of conducting a real-life cyber attack from an attacker's perspective, can help unveil secret entry points you may have missed.”

“Today, IoT devices are a hacker’s dream. It’s everywhere, it’s largely unsecure and it’s providing easy access points to conduct malicious activity and access sensitive information, such as medical records, addresses and credit card details. We must take a proactive approach to securing IoT or risk becoming an easy target."

Link image
Where is your data? You'll find out in 2021
Next year, we will start to realise exactly how much intellectual property was stolen by attackers during the 2020 remote working shift, writes Forcepoint global CTO Nicolas Fischbach.More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
Ivanti looks to a brighter future with MobileIron and Pulse Secure acquisitions
Ivanti has acquired MobileIron and Pulse Secure, with the intention of delivering intelligent and secure experiences across all devices in the ‘everywhere enterprise’. More
Story image
Trend Micro integrates with AWS Network Firewall
As a Launch Partner, Trend Micro has integrated managed threat intelligence feeds from its cloud security solution to enable superior protection in line with this new AWS managed firewall service.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Cybercriminals are leveraging AI for malicious use
"At a time where the public is getting increasingly concerned about the possible misuse of AI, we have to be transparent about the threats."More