I recently bought a fitness band to track my daily workouts and quickly got hooked. The invaluable insights it provided through data analysis, coupled with the constant reminders it pushed out to help me achieve my fitness goals, got me thinking about how the Internet of Things (IoT) is transforming our way of life and shaping our future.

However, my enthusiasm for the fitness band waned somewhat when I read a piece on the IoT security issues it posed. Did you know that cybercriminals can track the movements of your wristband to steal your ATM personal identity number (PIN)? In fact, the success rate can be as high as 90 percent, according to recent research. I was so nervous about the potential consequences that I immediately abandoned my band.

Perhaps that was a bit of an overreaction. After all, certain devices do take steps to protect user identities. The Apple Watch randomizes the media access control (MAC) address of its user every 10 minutes to protect identities, for example, and many wearables regularly update devices and their corresponding mobile apps to close security holes and fix bugs.

Better Safe Than Sorry

By 2025, according to GSMA, the world will have approximately 27 billion connected devices, all of which will need to be reliable and secure. As we move to a more connected world, cybersecurity risks increase manifold. The rising volume of ransomware attacks is proof that digitally connected devices not only pose a financial risk, but also can threaten human lives if breached.

Security professionals, device manufacturers and users alike must be cognizant of the risks that connected devices, including my seemingly innocuous little fitness band, expose us to. We need to minimize these risks if we intend to adopt this life-transforming IoT technology. According to Markets and Markets, the global IoT security market is expected to grow from $6.62 billion in 2017 to $29.02 billion by 2022, at a compound annual growth rate (CAGR) of 34.4 percent during the forecast period.

As more people invest in wearable devices and start paying attention to IoT security, there’s a better chance manufacturers start building in safeguards. In this case, market competition is a good thing: The fitness bands of tomorrow could set themselves apart by offering stronger security controls and enhanced privacy.

IoT Security Is a Shared Responsibility

Increased security awareness is the first step toward fighting IoT threats. Both manufacturers and end users should take equal responsibility to stay protected and minimize security lapses. For example, various layers of cloud, application and network security offerings need to be secured by the manufacturer or vendor. They should ensure that the IoT devices they produce adhere to stringent compliance regulations. Finally, vendors should always plan manual overrides for automated systems in case of a security breach.

As consumers, we must be aware that poor security hygiene is all most attackers need to breach a system. After all, 95 percent of all security incidents involve human error, according to the “IBM Security Services 2014 Cyber Security Intelligence Index.” We should never underestimate the value of using strong passwords, changing default passwords and installing firewalls. Additionally, antivirus, antiphishing and two-factor authentication solutions can go a long way. Most importantly, users should be cautious when clicking on unknown links and use encryption to protect sensitive data from unauthorized access.

Data is a gold mine for cybercriminals, so it’s time we start protecting our devices by any means possible. Vigilance and preparation are the best ways to stay ahead of the bad guys.

Listen to the podcast series: Five Indisputable Facts About IoT Security

More from Endpoint

Combining EPP and EDR tools can boost your endpoint security

6 min read - Endpoint protection platform (EPP) and endpoint detection and response (EDR) tools are two security products commonly used to protect endpoint systems from threats. EPP is a comprehensive security solution that provides a range of features to detect and prevent threats to endpoint devices. At the same time, EDR is specifically designed to monitor, detect and respond to endpoint threats in real-time. EPP and EDR have some similarities, as they both aim to protect endpoints from threats, but they also have…

The needs of a modernized SOC for hybrid cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

X-Force prevents zero day from going anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…