Imagine you're sitting on your couch relaxing on a Sunday afternoon when your smart device alerts you that you are having a heart attack or that you have gone into renal failure. You jump up, head to the ER and spend hours on test after test only to discover that nothing's wrong with you. So, what happened? Bad actors hacked your device. This is a type of attack in the IoT space that we will likely see more of in the future.
Nowadays, information security is not a consideration just for the digital stack. It is also an increasingly relevant concern for physical security. And IoT is the tip of the iceberg. Nano IoT technology ranging in size from one to a few hundred nanometers is here. With the healthcare industry driving demand for sensor-based IoT and manufacturers neglecting the importance of fully securing other areas that relate to IoT, nano IoT is shaping up to be a hacker's dream come true. Devices such as diabetic healthcare pumps, kidney pumps, heart monitors and medical diary journey devices are some of the products that can cause adverse effects to a person's health if hacked. This is – and will continue to be – important as more and more customers of IoT are exposed to these risks.
Sure, these dangers are known, yet nothing is being done about them. Instead, many in the industry are embracing the mentality of “We will fix it when we get there.” That's the exact same mentality that has impacted a lot of businesses over the past few years – and look where it got them. The protection of customer information should be at the forefront of the minds of all businesses and vendor providers. Customers should have their own concerns, as well. It will be paramount for the customer to now be the first line of defense for information security. Self-awareness with a security mindset will need to become the new norm.
As more and more customers become codependent on their smart devices, entrusting their products to securely hold their interactive PHI (Personal Health Information) constitutes a single point of failure. If this one single device does not have the proper security in and around it, the likelihood of it becoming compromised rises. With 96 percent of security professionals projecting that IoT security breaches will take place in the next two to three years, the demand for better security practices will likely be higher than usual, as well.
So, what can be done? It's simple: know where you are and where you want to be, and close that gap. Organizations should try to learn which devices are transmitting to and from smart devices and/or feeding information to the nano IoT source. Hardening these devices and locking them down by implementing some sort of authentication process would help to identify which devices are authenticating and how they are authenticating. With this knowledge, the consumer can isolate unauthenticated devices and users. Enterprises should also seek to limit the amount of data sent to critical devices, as reining in the information transmitted to the device would also keep security exposure to a minimum.
About the Author: Ricoh Danielson is a U.S. Army Combat Veteran of Iraq and Afghanistan. As a digital forensic expert in cell phone forensics for high-profile criminal and civil cases, Ricoh has a heavy passion for information security and digital forensics that led him to start up his firm (Fortitude Tech LLC) in the middle of law school to become Phoenix’s heavy-hitting digital forensic powerhouse. He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.