World Economic Forum fears of IoT need to be addressed

The World Economic Forum (WEF) in Davos this week called for “effective governance” at all levels to minimise the security and privacy risks unfolding from the Internet of Things (IoT).

Allen Storey, product director at cyber security company Intercede, said companies, product integrators and service providers now had to act quickly to mitigate the risks.

He said: “The growth in connected devices gives criminals access to greater and more diverse opportunities for extortion, theft and fraud, which are likely to be even more damaging than today’s malware that holds data to ransom, such as Cryptolocker.

“These IoT attacks don’t just threaten to disrupt corporations. With critical national infrastructure being brought online, such as power generation and electricity grids, IoT attacks could be used by terrorists or hostile nations to cripple countries.”

Storey said: “Establishing the true identity of any data-collecting machine or device is a critical element in preventing criminals gaining control of, or access to, a company’s network. Anything that is internet-connected but unprotected can be compromised, and can provide a wealth of valuable data to criminals.

“One example would be the ability to monitor staff movements to track or target a particular employee for some nefarious purpose, from theft to blackmail.”

Storey added: “As with so much related to security, one of the biggest vulnerabilities is not technology but humans. What is key to securing a world of connected devices is a big push to educate people, corporations and other organisations that while the Internet of Things will radically change our lives in many ways, the biggest change will come in the way that we need to think about security.”

He said IoT security education “should not be based on fear, uncertainty and doubt”, but instead we need a “calm and collaborative approach” to securing “one of the biggest technological leaps forward in our lifetime”.