The Internet of Things (IoT) offers tremendous potential for businesses. It collects volumes of data and simplifies the transfer of this data. But for all its benefits, the IoT also puts customers and companies at risk for cyber theft. This article is designed to help companies better secure their data. The discussion kicks off by comparing the use of adware in computers to the use of IoT by companies. Both technologies put companies at risk. This article helps companies see the need to secure their data as they put IoT into play.
In 2015, a lawsuit was filed in federal court against Lenovo (formerly IBM) and Superfish charging that the companies violated wiretap laws and trespassed on personal property. Around the same time, a class action investigation was also launched against Lenovo.
The Chinese PC manufacturer found itself in hot water for including a software program called Superfish Visual Discovery on its computers. This adware, which is also called spyware, tracks users’ Web searches and browsing activities to place additional ads on the sites consumers visit.
Blogger Jessica Bennet filed the individual lawsuit charging that the software tracked her Internet use, invaded her privacy and damaged her computer. The class action investigation, meanwhile, alleges that the adware “exposes computer users to serious security vulnerabilities” that could result in the theft of users’ logins, passwords and sensitive data as well as degrade their Internet experience.
“Lenovo is a Chinese company, meaning it is essentially owned by the Chinese government, which is the biggest threat to us by the way for counterfeiting and economic espionage,” says Joey Alonso, president of Quortum, a provider of insider threat and risk management services based in northern Virginia. “The adware they installed on their computers sent user data back to China, so that the company would know how customers were using their computers. Essentially, this information was going directly back to the Chinese government.”
Though this example pertains to adware rather than the Internet of Things (IoT) per se, it demonstrates what is possible once the IoT is in play in products and within companies. The IoT collects volumes of data, and simplifies the transfer of this data, putting customers and companies at risk for cyber theft.
“With the IoT, you’re going to have many more things connected to your corporate and internal networks,” states Alonso, who spent 22 years in the U.S. Navy working exclusively in the intelligence community. “When you talk about the IoT, you’re talking about some very publicly accessible items that people in the know could use maliciously. We can secure that laptop and copier down the hall, but when you talk about the IoT, you’re taking things to a whole new level where those with malicious intent have access to your company, client and employee data.”
According to John Dickson, principal of Denim Group, a computer security service based in Texas, the concerns are multifaceted within the supply chain. “For government buyers, the concern involves sophisticated nation state-sponsored supply chain tampering that enables traditional adversaries of our country to inject hardware or software that allows them to conduct intelligence gathering or to gain unauthorized access to a U.S. government network. For personal users, concerns involve the snooping of personal information—think spyware/adware on a massive scale—that could put their Internet surfacing habits in the public domain or make it possible to steal personal information that could be used for commercial purposes.”