News story

QA warns we’re operating in the cyber security stone age when it comes to the Internet of Things

LondonLearning NewsQA

Fifth Annual Internet of Things Day, April 9th 2016. As the technology industry prepares to celebrate technical achievements in connecting objects together, the UK’s largest training provider, QA, warns that from a security perspective, the IoT is broken.

The rise of objects that connect to each other and to the Internet - from cars to pacemakers - is unleashing a wave of new possibilities for data gathering, predictive analytics and IT automation.  However, as well as providing opportunity for business intelligence, these objects also pose opportunity for increased cyber-attacks.

Richard Beck, Head of Cyber Security at QA, comments: “There are still many organisations that are yet to engage and understand what the Internet of Things (IoT) means for their environment. More so, the drive to higher profit margins is causing security issues to be ignored.”

QA is urging organisations to account for the ‘human element’ when it comes to setting IoT policies, investing in and deploying connected technologies.  The company is calling for businesses to plan for adequate education of staff in order to protect organisations from an increased attack surface and significant increase in privacy vulnerable applications and devices.

Richard continues: "When it comes to securing the IoT, we’re operating in the equivalent of the cyber security stone age.  The security and privacy implications around the growing connectivity of devices is well-documented – an ever increasing attack surface, ever more sophisticated cyber criminals and users’ acceptance that technology will permeate every aspect of their lives.”

“As it stands today, from a security and privacy perspective, the IoT is broken.  There is no quick fix and we’re operating with an element of risk.  What’s the answer?  Technology has a role to play for sure. At the very least those organisations and software development teams should consider the privacy challenges of their connected products, devices and platforms. Offering a level of encrypted service for ‘sensitive’ information flow, with authenticated access should be built in user interfaces. The battle ground for the 21st century IoT will be won and lost on the grounds of privacy and strong security controls. Regulators should at least recommend and in time mandate minimum security controls to avoid the continued exposure of our sensitive and private data as we adopt more and more connected technology services at a consumer and business level. This won’t offer 100% protection today, but it might move us on from the cyber security stone age – before the perfect ‘privacy storm’ strikes.”

“From the office lighting system and alarm system to wearable technology, almost every business has a connected device operating in it.  However, white-hat hackers are finding and regularly reporting vulnerabilities, leaving users open to a potential privacy or data breach. It’s only a question of time before IoT devices are used to pivot into sensitive business areas avoiding legacy security controls. It is important employees have an understanding of exactly how they can protect themselves against being targeted. In some cases, it’s as simple as switching off Bluetooth."

QA runs a comprehensive cyber security training curriculum including an introductory course ‘Understanding the Internet of Things’.

For more information visit: www.qa.com

About QA

QA is one of the largest learning services organisations in the UK, developing skills and capabilities for everyone from apprentices to business leaders and has a client base covering 80% of the FTSE 250.

QA offers the only end-to-end cyber curriculum in the UK, including full courses across Cyber Certifications, Cyber Assurance and Cyber Defence.

To learn more about QA and the courses it offers visit www.qa.com 

 

Media Contact
Wendy Miles/Rebecca Reid

Touchdown PR
+44 (0) 1252 717 040
wmiles@touchdownpr.com