The internet of things (IOT) and Cybercrime – what are the actual problems?

Technology in the hands of businessmenWe have all heard the catch phrase “the internet of things”. It is part of the big data revolution that big businesses are starting to use to understand the human animal. The old saying that one person is smart but a group of people are stupid is relatively true, according to recent big data analysis.

Isaac Asimov’s foundation series was based on the ability of scientists to predict the future using their version of big data.   Their scientists predicted a great failure across the galaxy and instead of civilisation being destroyed for thousands of years their use of Big Data and strategic positioning meant it would only have a dark period of 1,000 years.

Statistics have shown that it is difficult to predict how a single person will act, but that with the right information and knowledge we can predict how a group of people will react to a certain stimulus or what they will do in a certain situation—no longer just in science fiction!

The internet of things is based largely on convenience. It is more convenient for my refrigerator to tell me it is running out of milk than for me to have to open the refrigerator to find out. It is more convenient for the house to lock the doors and secure the windows at a certain time than for me to remember to do it myself.

This information is based on statistics generated by big data, which relay what a large number of people would do in a certain situation in order to develop marketable products. Again, the statistics are based on what a large number of people would do, not what you personally would do in the situation. Maybe you like to only have a little bit of milk in the refrigerator, or you only go shopping on a specific day and tomorrow is not that day!

I am concerned about the internet of things, because in an overly connected world two important things are lacking–security and privacy.

Where is the security? In the rush to get all of our “things” connected and talking to each other, we have forgotten to consider basics like security within the digital world. In my field we have a saying: “There are two types of people–the ones who have been compromised, and the ones that do not know they have been compromised.”

Access to big data creates a new level of criminal activity, as internet aware systems become new targets. We have already seen refrigerators sending out email and air conditioners being transformed into listening devices. You just gotta love the future!

For most developers and large organisations, getting a product to market, before the competition does so first, is critical. A delay at the manufacturing level simply because the operating system is insecure, is unlikely to happen. The product will be released as soon as possible, and it will be patched when the first system gets compromised. How you patch a refrigerator remains to be seen!

There are currently no stringent tests to secure operating systems. The operating system could be 10 years old and riddled with flaws, but it will go into production and be marketed to the public as the next best TV, refrigerator or air conditioner, loaded with convenient “extras.”

The lack of privacy is another concern. The desire for increased convenience is driven by both users and manufacturers. When a device has the ability to connect to the internet, all information generated by the users of the device can be sent back to the manufacturer. Sound like big brother at all?!

Until the issues of security and privacy are addressed, with regard to the internet of things, my advice as always – treat them all with Paranoia and always use common sense.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.