Who knew? Today Saturday, October 29 is Internet Day. Well, Gemalto for one knew, and here two of their leading lights reflect on where we are now with the challenges facing the Internet of Things.
“The Internet of Things (IoT) is the next step in the evolution of the web, and the intuitively connected network of devices that it will create is set to have the biggest impact,” said Manfred Kube, head of M2M Segment at Gemalto. “Smart cities are one of the most exciting prospects that the IoT will underpin, connecting transport systems, houses and entire city infrastructures together to save time, energy and money through efficiency, while opening up a world of potential. But in order for the smart city to truly take off, there are a number of factors that must be addressed throughout the IoT value chain.
“Connectivity is crucial, and with a number of networks such as LTE, LoRa and 5G at play, city planners must ensure that each IoT use is connected through the most effective channel. The blisteringly fast speed and latency of 5G will mean it’s perfect for connected cars, for example, where data must be relayed in real time, while the low bandwidth and strong penetration of LoRa makes this network ideal for applications in utilities. If devices and infrastructures aren’t connected by the right network, they won’t reach their full potential.”
As Kube said, “Security by design is also a key priority for the IoT, and if hackers are able to manipulate connected vehicles or utility grids, the consequences can be very damaging. In order to secure smart cities, manufacturers should ensure that all data is encrypted, with encryption keys stored safely in the corresponding hardware. These procedures should be in place across all levels, in the device itself, across the network, and in the cloud – right from the start of development. Security should never be an afterthought.”
“The development of smart cities is the next stage of the internet age, but in order for us to be talking about the progress we’ve made when the next Internet Day comes around, manufacturers and governments must ensure they are installing the correct networks and security methods otherwise they will struggle to turn the IoT vision into a reality,” Kube concluded.
It’s all about the data
“Since the internet was created, data has been at the heart of it,” commented Jason Hart, CTO, Data Protection at Gemalto. “However, as our use of the internet and the value of this data has grown, so too has the risk of it being stolen or lost. In the last four years in the UK, over 74 million data records have been breached, with that number increasing every year. While businesses have focused on protecting their perimeters against data breaches, this has left data open and exposed.”
“In the future, businesses won’t just have to protect against theft, but also manipulation of the data that is so valuable to them. As we celebrate Internet Day, we need to remember that GDPR (General Data Protection Regulation) is fast approaching and businesses operating with or within the EU, don’t have a lot of time to get their house in order before they have to announce any breaches that occur.
“The internet has created so many opportunities, but with it has also brought the potential for criminals to prosper,” Hart concludes. “In order to stop this, we need to ensure that our focus is always on protecting the most valuable thing, data.”
UK breach Results gathered from the breach level index:
2013 | 2014 | 2015 | 2016 | |
Biggest overall breach & number of records compromised | Supervalu, Financial Access (1,500,000) | TripAdvisor, Identity Theft (1,400,000) | TalkTalk, Identity Theft (4,000,000) | Fling, Identity Theft (40,000,000) |
Most targeted sector (In order) | Government (26%), Healthcare (22%), Finance (17%) | Healthcare (21%), Government (20%), Finance (11%) | Government (23%), Finance (18%), Healthcare (11%) | Government (23%), Finance (20%), Healthcare (18%) |
Largest type of breach | Identity Theft (55%) | Identity Theft (47%) | Identity Theft (41%) | Identity Theft (52%) |
Total no of breaches | 86 | 135 | 159 | 82 (to date) |
Source of breaches | Accidental Loss (45%) | Malicious Outsider (46%) | Accidental Loss (44%) | Malicious Outsider (48%) |
Total no lost records | 1,924,682 | 9,452,621 | 21,099,207 | 42,200,336 |
Key timeline events (last 3+ years)
2013:
September: Apple includes fingerprint scanners into consumer smartphones
October: European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) begins vote on GDPR proposal, introduced in 2012
2014:
March: The Network and Information Security (NIS) Directive is proposed by the EU, designed to provide a high-level network and information security throughout EU member states, not just against network breaches by hackers, but also against technical failures and natural disasters.
April: CERT-UK launches, working with partners across government, industry and academia to enhance the UK’s cyber resilience
August: Hundreds of images, including nude photos, from many of the world’s biggest female celebrities were posted online as a result of a hack of Apple’s iCloud services that allowed attackers to steal passwords, usernames, and other data in a “very targeted” breach.
2015:
July: Ashley Madison hack, 11 million customer details stolen
December: EU parliament agrees to begin adoption process of GDPR in May 2016
December: Worldwide spending on information security reaches $75 billion for 2015
2016:
January: EU voted to move Network and Information Security (NIS) Directive into law.
May: GDPR regulation entered into force
May: Dating site Fling hacked, 40 million customer details stolen. Largest hack in UK history
June: WhatsApp introduced encryption to its messaging service
September: News breaks of a Yahoo! hack that occurred in 2012, 500 million user accounts
2017:
January: Worldwide spending on cyber security is predicted to top US$1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report, published by Cybersecurity Ventures.
2018:
May: GDPR fully integrated into EU law and fully enforceable.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow