The internet of things and the risk to your security: How does ISO deal with it?

In recent years, the Internet of things (IoT) has become increasingly common in our homes and offices. In fact, you’ve probably heard about it, about its benefits, but do you really know its implications?

Certainly, the Internet of Things (IoT) has brought benefits to our lives, now our physical devices are connected to the network, they can share data in real time and that results in new features, such as being able to control them remotely, receive alerts and updates.

The low cost of processors and the near omnipresence of wireless networks makes it possible for almost anything to be part of the IoT. From a car to a coffee machine to your alarm system, everything can now be part of this digital interconnection, in fact any device that connects directly to the internet or to another device that connects to the internet (that is not traditionally a device that you expect to connect to the internet) can be considered part of this technology.

The advantages of IoT are clear, not only can we control our devices remotely but you can also control them from a single place, the integrated technologies of voice assistants such as Siri, Alexa or Google asistant allow you to control products for the intelligent home and currently compete for greater market share with a view to becoming the IoT Operating System that consumers choose to control their lights, thermostats, locks, cameras and appliances.

However, most people don’t stop to think about what this technology can mean for our privacy or even our security. Remember, for example, when in 2013 hackers managed to steal thousands of Target credit card numbers by entering your network through an HVAC (Heat, Ventilation and Air Conditioner) system. In other words, they entered the private network of one of the largest Retailers in the United States, through an Air Conditioner.

And the truth is that the data generated from the privacy of our homes is not as protected as that of large organizations. A recent experiment showed that it is possible to hack into a moving car and deactivate the accelerator. This is where the importance of having information security and privacy standards becomes evident.

How to protect consumer data?

There are, in fact, standards addressing these issues; ISO/IEC 27001 and ISO/IEC 27002 provide a common language for addressing governance, risk, and compliance issues related to information security. ISO/IEC 27031 and ISO/IEC 27035 help organizations respond, disperse, and recover effectively from cyber attacks.

However, the ISO Committee on Consumer Policy, while most people do not really consider the amount of information they share on the Internet and how easily it tracks and identifies people, has decided to take these issues into consideration in the standardization agenda.

Pete Eisenegger, a consumer protection expert working on privacy issues at international and European level, thinks the problem is that these everyday devices are coming onto the market without considering the protection of consumer data and in this respect he notes “Engineers must work with design processes that put a strong emphasis on these features so that fewer vulnerabilities arise”.

For this reason, the ISO/COPOLCO Committee proposes to create a digital design standard for privacy in goods and services. “If we could develop a privacy design process inspired by the continuous improvement cycle of ISO 9001, as ISO 10377 has already done for product security, we would be taking a big step forward. Eisenegger adds.

While there are many standards on cyber security, there is still a long way to go on IoT. The good news is that we can be sure that even though consumers are not fully aware of the potential dangers in these technologies, people like Eisenegger and the ISO/COPOLCO Committee are working to make them safer.

Want to know more about information security? Don’t miss our ISO 27001 course