Always-on, connected devices are everywhere and are a large component of our lives. Most commonly, people think of digital tools like Alexa, Google Assistant, Bixby, and Siri. These examples have been proven to watch and listen to everything happening nearby, and have been proven easy to compromise. Smart home systems offer a level of convenience that would not have been possible 20 years ago, yet, just like email, they are an opening for cybercriminals and Advanced Persistent Threats.

Consumer devices are always a public concern, but there are currently five types of IoT applications:

✔️ Consumer IoT—such as light fixtures, home appliances, and voice assistance for the elderly.

✔️ Commercial IoT—IoT applications in the healthcare and transport industries, such as smart pacemakers, monitoring systems, and vehicle to vehicle communication (V2V).

✔️ The Industrial Internet of Things (IIoT)—includes digital control systems, statistical evaluation, smart agriculture, and big industrial data.

✔️ Infrastructure IoT—enables the connectivity of smart cities through infrastructure sensors, management systems, and user-friendly user apps.

✔️ Internet of Military Things (IoMT)—applying IoT technologies in the military field, such as robots for surveillance and human-wearable biometrics for combat.

Keep the list in mind, but let’s focus on consumer and commercial devices. We are automating our lives with IoT devices: lights, home climate control, locks on our homes and offices; the list is ever increasing. Even the virtual reality (VR) systems that map our rooms with specialized cameras require a social media account to operate. Wearable devices track and sense critical health parameters, including how often we move, our heartbeat, our sleep patterns, and even our blood oxygen level (SpO2). All of this data leaks out. Companies that use machine learning (ML) and artificial intelligence (AI) to analyze your likes and dislikes supply data that governments can correlate with other significant data sources from users, and they store information that cybercriminals often target for ransomware.

Over the last five years, several cyber researchers have repeatedly demonstrated the ease of IoT compromise. The many examples of illicit use of personal data include the Russian voting hacks and data purchases by police departments to circumvent local legal requirements. The data owner knows more about our private lives than our closest friends and relatives. Facebook and Instagram may even understand our psychology and behaviors better than we do ourselves.

These technologies certainly have advantageous and beneficial capabilities. Still, society now realizes that giving away that much insight into our lives is not a way to maintain privacy in modern society. Jokes routinely draw comparisons to George Orwell’s book 1984, but are they really jokes or merely an underlying concern? We are also starting to understand that tech companies utilize data mapping algorithms to categorize individuals and to analyze and quantify their actions. Such an effort does have unintended consequences for all of society, regardless of country. Try thinking about how the data collected by one type of IoT device can be correlated with data from another. This is why users will finally revolt and make vendors take home and consumer Internet of Things (IoT) devices more seriously in 2021. Expect to see the consumer market start to push back against IoT devices that collect personal data heavily and pressure government representatives to regulate these devices’ capabilities to protect user privacy. Several news examples of this include Minneapolis, San Francisco, and Detroit banning the police use of facial recognition.

“If you think that the internet has changed your life, think again. The Internet of Things is about to change it all over again!” 

— Brendan O’Brien

From a corporate perspective, the method to handle exposure largely remains the same.

Monitor your endpoints

Cybersecurity and Internet of Things (IoT) – Is it 1984 Yet?

I feel like the rest of the security industry, and I am always saying this: “an endpoint is an endpoint.” IoT components complicate the security perimeter. The more IoT points you connect to the network, the more attack surface you add to the network, and, depending on the device, physical security can be compromised.

You can leverage Endpoint Detection and Response (EDR) cybersecurity to protect your network. EDR tools monitor endpoints, proactively look for threats, send alerts during security events, and respond when possible. However, this creates more work, because false positives have to be eliminated.

Vulnerability Scanning

To prevent IoT devices from introducing vulnerabilities into the network, scan the device before enabling the connection. Continuously performing vulnerability scans of devices and systems can ensure the continued health of the network and its components.

Vendor responsibility

Like any other device on your network, an IoT device needs to be subject to a patch management lifecycle. In many cases, this is going to be a firmware patch. While performing the selection process, make sure the vendor takes device security and management seriously. Make sure you add this to your compliance requirement list.


IoT will inevitably become embedded in every aspect of our corporate and personal lives, from home appliances to healthcare devices, transport technology, industrial networks, and military weapons. IoT technology enables digital transformation. As more industries undergo digitalization, more IoT devices will be installed and connected to networks.

Whether you’re responsible for the security of a network or the security of your device—you should take IoT security seriously.
