Gartner: IoT breaches may result in physical damage. People safety becomes the primary goal

CISOs need to protect the integrity of Internet of Things (IoT) devices and employ “adaptive trust”, Gartner”s research director Dionisio Zumerle says in a recent interview.

“Digital businesses and the IoT may seem distant from certain enterprise scenarios; in reality, they are not”, Zumerle says. “For example, commercial car sharing implementations leverage smartphone apps as car smart keys, while headless ATMs can deliver money via the customer’s smartphone app.”

According to Gartner”s research director, from a security standpoint, the scale of these interactions can reveal more vulnerabilities and demand caution. In the past year, for example, more than 3.4 million vehicles had to be patched for security vulnerabilities that impacted passenger safety. The fears over the risks of interconnectivity are such, he adds, that China has forbidden its armed forces from using internet-connected wearable technologies.

“The traditional model of information security prioritizes the confidentiality, integrity and availability of information. However, as digital business blurs the digital and physical worlds, digital breaches result in physical damage. As a result, the safety of environments and individuals becomes the primary goal”, Zumerle comments.

Here is a list of the main ideas Gartner”s research director has shared:

Smart devices will increasingly need autonomy to make decisions and take actions that require trust. While the recurrent revelations about pervasive surveillance and the increasing invasiveness of mobile apps have turned the security industry’s attention to confidentiality, trust in components mainly relies on integrity assurance mechanisms, not encryption.

Encrypted tunnels are of no use if the IoT devices that use them can be tampered without leaving a trace. CISOs should place increasing attention on integrity mechanisms and assurance when selecting IoT devices and building IoT systems.

CISOs should also contextualize their IoT approaches. Some principles will emerge, such as updateability. Take the example of the connected car: The average lifetime of a vehicle can be estimated at eight to 10 years, while a smartphone has a life expectancy of approximately two years, after which security and OS updates become infrequent or cease altogether. This situation would lead to connected cars being vulnerable to attacks for six to eight years.

Smart devices will increasingly need autonomy to make decisions and take actions that require trust. While the recurrent revelations about pervasive surveillance and the increasing invasiveness of mobile apps have turned the security industry’s attention to confidentiality, trust in components mainly relies on integrity assurance mechanisms, not encryption.

Read the full interview here.

Recently, researchers from Bitdefender Labs examined four Internet-connected consumer devices and found several common vulnerabilities. The analysis reveals that current authentication mechanisms of internet-connected devices can easily be bypassed to expose networks and users to privacy theft.

“The Internet of Things has the potential to infringe on basic human rights and Internet principles by collecting data with an unprecedented level of detail,” Bitdefender security specialists show in this analysis. “We can learn more about someone than ever, based on the person”s intentional disclosure of eating habits, location, lifestyle, etc. as well as via metadata. And although fragmented data sources seem harmless, by aggregating them, cyber-criminals can create an invasive digital portrait of a person. The IoT expands the reach of surveillance and tracking, leaving users with few or no options to customize privacy settings or control what happens to their data.”