Today, a digital revolution towards “everything connected” is underway. Billions of physical devices in our daily lives are connected through the Internet of Things (IoT).
What are connected devices?
These are devices that are connected to each other by Wi-Fi, Bluetooth or any other communication system that allows them to exchange information. They are therefore innovative devices, often responding to current problems. They can range from simple entertainment to patient monitoring, to the simplification of daily tasks.
According to Statista, 22 billion devices worldwide were connected to the Internet of Things in 2018. Today, this number has increased to 29 billion connected devices.
According to forecasts, this will further increase to 38.6 billion in 2025 and 50 billion in 2030.
Since the goal of manufacturers is to rapidly mass-produce all these devices cheaply, this has given rise to the top 10 IoT vulnerabilities published by the Open Web Application Security Project (OWASP). For those who don’t know OWASP, it is an online community working on web application security. Its philosophy is to be both free and open to all.
We will therefore end up with devices on the market that have native problems such as weak, guessable, hard-coded passwords or a password that is identical across all the devices in the production chain. We will see security mechanisms that are absent or very weak. For example, encryption is removed in order to gain autonomy. These absent security mechanisms are made worse by physically vulnerable hardware. There is also a whole series of vulnerabilities in the object’s firmware, as well as all the vulnerabilities linked to communications.
All these devices, in addition to finding their way into our homes, can also be found in our businesses. There are applications in areas such as energy (as announced by Engie in 2015), agriculture, health, transport, smart buildings and smart cities. With such a vast reach into our everyday lives, these devices will become the biggest source of insecurity ever known, with dramatic consequences in the real world.
For instance, let’s consider a connected baby monitor. We all agree that it is very convenient to have a view of your child and to have direct feedback on your smartphone. However, the security of these devices is often poor and companies do not fix them, so hackers can take control of the baby monitors and gain access to the video streams and/or microphones. The recordings can then end up on a public list, available for sale, or on pedophile websites. Similarly, imagine if hackers attacked pacemakers or other medical devices. The consequences could be equally dramatic, even life-threatening.
Before the Internet of Things, patients’ interactions with doctors were limited to visits and communication via phone or text. There was no way for doctors or hospitals to continuously monitor patients’ health and make recommendations accordingly. Internet of Things (IoT)-enabled devices make remote monitoring possible in the healthcare sector.
The IoT is undoubtedly transforming the healthcare sector by redefining the device space and the interaction of people in the delivery of healthcare solutions.
But we must ask ourselves… at what cost?
Conclusion
In the field of patient care, a connected medical device should only be embraced with extreme prudence due to potential safety vulnerabilities and risks to patient safety.
In this context, it’s important to understand how EU legislation protects personal data collected by those IoT devices.
Remote GDPR courses are an excellent learning format because of the flexibility they allow. Through this training, you will be able to reduce the risk of potential data breaches while signifying your corporate structure.
To join the GDPR e-learning courses, you just need a browsing device (from a tablet to a desktop computer via your smartphone) and an Internet connection. So don’t wait to get started on your GDPR training journey.