I recently bought a fitness band to track my daily workouts and quickly got hooked. The invaluable insights it provided through data analysis, coupled with the constant reminders it pushed out to help me achieve my fitness goals, got me thinking about how the Internet of Things (IoT) is transforming our way of life and shaping our future.

However, my enthusiasm for the fitness band waned somewhat when I read a piece on the IoT security issues it posed. Did you know that cybercriminals can track the movements of your wristband to steal your ATM personal identification number (PIN)? In fact, the success rate can be as high as 90 percent, according to recent research. I was so nervous about the potential consequences that I immediately abandoned my band.

Perhaps that was a bit of an overreaction. After all, certain devices do take steps to protect user identities. The Apple Watch, for example, randomizes its media access control (MAC) address every 10 minutes to protect its user's identity, and many wearable makers regularly update their devices and the corresponding mobile apps to close security holes and fix bugs.

Better Safe Than Sorry

By 2025, according to GSMA, the world will have approximately 27 billion connected devices, all of which will need to be reliable and secure. As we move to a more connected world, cybersecurity risks increase manifold. The rising volume of ransomware attacks is proof that digitally connected devices not only pose a financial risk, but also can threaten human lives if breached.

Security professionals, device manufacturers and users alike must be cognizant of the risks that connected devices, including my seemingly innocuous little fitness band, expose us to. We need to minimize these risks if we intend to adopt this life-transforming IoT technology. According to Markets and Markets, the global IoT security market is expected to grow from $6.62 billion in 2017 to $29.02 billion by 2022, at a compound annual growth rate (CAGR) of 34.4 percent during the forecast period.

As more people invest in wearable devices and start paying attention to IoT security, there’s a better chance that manufacturers will start building in safeguards. In this case, market competition is a good thing: The fitness bands of tomorrow could set themselves apart by offering stronger security controls and enhanced privacy.

IoT Security Is a Shared Responsibility

Increased security awareness is the first step toward fighting IoT threats. Both manufacturers and end users should take equal responsibility to stay protected and minimize security lapses. For example, various layers of cloud, application and network security offerings need to be secured by the manufacturer or vendor. They should ensure that the IoT devices they produce adhere to stringent compliance regulations. Finally, vendors should always plan manual overrides for automated systems in case of a security breach.

As consumers, we must be aware that poor security hygiene is all most attackers need to breach a system. After all, 95 percent of all security incidents involve human error, according to the “IBM Security Services 2014 Cyber Security Intelligence Index.” We should never underestimate the value of using strong passwords, changing default passwords and installing firewalls. Additionally, antivirus, antiphishing and two-factor authentication solutions can go a long way. Most importantly, users should be cautious when clicking on unknown links and use encryption to protect sensitive data from unauthorized access.

Data is a gold mine for cybercriminals, so it’s time we start protecting our devices by any means possible. Vigilance and preparation are the best ways to stay ahead of the bad guys.
