The human cost of the Internet of Things

Cyber-attacks have become routine news stories in recent years.

In November 2014 Sony Pictures Entertainment was attacked by hackers who demand that the company cancel the release of the film The Interview, and in October last year one of the UK’s biggest telecom companies, TalkTalk, was hacked for 36 hours during which 160,000 people had their personal bank account details stolen.

According to a 2015 report by IBM, there were 81 million cyber-attacks in 2014. Grand-scale cyber-attacks such are increasing in number, and with the onset of the Internet of Things they are likely to continue, presenting a clear challenge for company bosses and government policy makers.

The Internet of Things is an exciting new technological chapter. As more and more every day devices become networked, society is becoming smarter. We’re able to find solutions that save energy and networked solutions that can help build ‘smart cities’.

IBM predicts that by 2020 there will be 30 billion autonomously connected devices. Yet every new device or network that is connected opens a new door for hackers. The Internet of Things provides us with enormous opportunities for data gathering and analysis but it also means that more systems – individuals and companies – are open to attack.

The majority of cyber-attacks are only made possible because of human error. And it is here that companies have an opportunity to protect themselves.

A CompTIA survey of 1,200 full-time workers across the US revealed that 45 per cent received absolutely no form of cybersecurity training at work. We also found that 63 per cent of employees use their work mobile for personal activities and 94 per cent connect their work devices to public Wi-Fi networks, sharing confidential work data across public networks.

Cybersecurity cannot be left to IT departments alone. Responsibility now rests with all employees and their network-based behaviours, including changing logins regularly or dodging phishing attempts.

Basic human errors – such as opening unfamiliar web links – are things the IT department cannot control.

We conducted a social experiment to observe how a basic human error can lead to a breach of security.

In the experiment, 200 unbranded USB flash drives were left in high-traffic public locations in Chicago, Cleveland, San Francisco and Washington DC. In almost one in five instances, the flash drives were picked up and plugged in to a device. The users then proceeded to engage in a number of potentially risky behaviours – opening text files, clicking unfamiliar web links or sending messages to a listed email address.

The implications are clear – if your employee loses a flash drive or laptop then there is a significant chance that the data will be picked up and observed by a stranger.

But more worryingly, the experiment shows that human beings (employees) willingly gravitate towards making risky decisions such as opening files and clicking on unknown links, purely out of curiosity.

As we move ever-deeper into the Internet of Things your employees will become engaged with a much wider network of devices that link back to your business. They are using a greater variety of personal and corporate tools, and work devices are not solely used for work purposes. Personal and professional data is blending, making it much easier for individuals to leave the door open to cyber-attacks.

It is important to raise awareness of cybersecurity across the entire workforce. Technology is no longer the preserve of IT departments. Every employee needs to understand their own responsibilities in keeping corporate date and devices safe.

Business leaders across the HR, IT and executive functions must take a more active approach to educating staff. Companies should develop their own behavioural policies, enforcing strict guidelines on which devices to use, for what purposes, where and under what circumstances.

The Internet of Things holds great promise for society – but we need to act now to do everything we can to mitigate the new risks it brings.