Many UK businesses rely on enterprise IoT products that connect to the internet, such as printers, cameras and room booking systems. The government is now funding research to uncover potential vulnerabilities of these ‘smart’ devices and assess their cyber resilience.
Smart devices in the workplace can collect sensitive data which can be accessed by other users, making them an attractive target for cyber criminals. While devices may have some protections built in, products with poor cybersecurity can leave companies using them at risk.
Steven Furnell, IEEE senior member and professor of cyber security at Nottingham University, said that people are often less mindful of security risks posed by IoT devices and the fact that they are storing and communicating data in the same way as traditional computing devices.
“Most IoT devices are not doing any ongoing checks on who is using them, they are set up and can then be controlled equally by anyone, albeit maybe with a password or PIN required to get into the ‘Settings’ menu,” he commented.
“However, introducing a check each time someone wants to do something would not be possible if we rely on traditional methods. Biometrics open the door to making the checks in a friendly and tolerable manner, with the potential for seamless transitioning between users of shared devices.”
Government will award the successful bidder up to £200,000 to test popular devices and help identify if current security measures and guidance, such as international standards and NCSC device security principles, are robust enough to protect businesses from evolving threats.
“Technology played a pivotal role in keeping British businesses going during the pandemic, helping the pivot to hybrid working and boosting productivity ever since,” said cyber minister Julia Lopez.
“This research will ensure we have the right measures in place to protect our economy and keep our offices and workers safe from cyber security threats.”
The grant is part of the government’s £2.6bn National Cyber Strategy to protect the UK from cyber threats and grow the digital economy. It complements the Product Security and Telecommunications Infrastructure (PSTI) bill going through parliament, which strengthens the cyber resilience of consumer IoT devices such as smart speakers and smart TVs.
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, said that IoT devices can provide easy access to an enterprise’s network, especially with a BYOD (bring your own device) culture in place.
“With more devices there are more endpoints, and this could lead to a chain-attack which has catastrophic consequences. Organisations need to ensure they deploy IoT devices with sufficient security policies in place, such as firewalls and intrusion detection and prevention systems, but they also need to ensure they cater for the confidentiality of their customers’ data,” Curran said.
“This is where encryption plays a core role. Of course, all devices need strong passwords, but it is also good practice to enforce certificate-based authentication which identifies communicating individuals and authorised devices.”