As “things” get smarter and gain more access to and control over our lives, they present new vulnerabilities for attackers to steal, control, spy on and sabotage our physical world.
Imagine making your way to work in an automated car, relying on a digital assistant to intelligently manage your home and shopping, and receiving deliveries from automated drones. This may sound like science fiction, but it won’t be long before these fanciful imaginations become reality.
With the market for the Internet of Things in India poised to reach USD 15 billion by 2020, our homes, factories, cars and practically every aspect of daily life are on the brink of becoming more digitally connected, automated and smarter—from the devices we use, to our household appliances and public infrastructure.
As technology companies race towards this hyper-connected future, the government organizations are not behind. Much like its counterparts around the world, Indian government is grappling with a rapidly changing digital landscape. For example, public utilities are being digitized for greater scale and efficiency under the government’s flagship Digital India and Smart Cities programmes.
In addition to benefits, these transformations bring additional risks, as well. All technology contains security vulnerabilities. As we become more reliant on technology, we become more vulnerable to those who would exploit these vulnerabilities to do harm. And as we improve our digital infrastructure, adopt more advanced technology and become more connected, our adversaries too are evolving their tools, techniques and capabilities. Although the adoption of smart technology has the potential to provide organizations with better ways to defend their systems, it will also create new avenues for organized actors with malicious intentions to undertake sabotage, conduct espionage and do other harm.
These risks are real and wide ranging. They can come in the form of unauthorized access to homes and offices, theft of information or money, manipulation of equipment, extortion or even hijacking. Recently, attackers conducted an intrusion into a casino through an internet-connected fish tank. Most Internet of Things devices use a common processor architecture, which means malicious tools could easily be added to a compromised IoT network or home automation system, thus increasing the overall impact of a targeted attack.
As technology becomes further embedded into our daily lives, our physical worlds are increasingly connected to and operated by digital systems, and the trust we place in these systems inherently grows. This growing trust comes at a price! As computers increasingly control various critical devices and systems, the potential for malfunction or manipulation that causes a data breach, financial losses and human harm rises significantly.
This doesn’t mean we need to halt the progress of technology and move to a bunker. India isn’t likely to ever become less reliant on technology. The convenience of setting the air-conditioner on your way home, or the benefits of real-time traffic management to our strained cities, are undeniable. However, we need to be thoughtful. The more we rely on technology, the more attention and investment must be put into security considerations.
From a consumer standpoint, devices should undergo rigorous security testing—particularly as people place an increasing amount of trust in devices that are not just connected to home networks, but also give access to many details about the daily lives of their users.
Businesses are increasingly recognizing that breaches are inevitable, but if they can detect and respond quickly enough, the consequences do not have to be. Indian firms must ensure they have strong security controls to both detect and respond to attacks. They can leverage real-time technology to stop attackers in their tracks before they gain a foothold in the network. They should adopt network security solutions to minimize the risk of costly breaches by quickly detecting and stopping attacks hiding in Internet traffic. In addition, connected devices need strong endpoint security. As a strategy, businesses should explore intelligence led security which will help them transform from compliance to risk mitigation.
While we can marvel at technology that makes the future possible, we also need to responsibly pursue stronger cyber security measures, in homes, in business, and in the public sector.