Internet of Thing devices open up more weak spots for cybercriminals

This article is more than 12 months old

Health sensors, smart home appliances and even toys that connect to the Internet - the number of such Internet of Things (IoT) devices is expected to exceed that of smartphones next year, giving hackers more ways to spread their infection.

The influx of IoT devices could potentially be used as a "zombie army" to spread malware, without users realising gadgets have been compromised, experts at The Straits Times Global Outlook Forum warned.

To combat this, today's schoolchildren should be trained in basic cyber hygiene, Singapore's defence cyber chief and Cyber Security Agency chief executive David Koh said.

How to keep devices secure, the global nature of cybercrime and the emergent threat of cyber warfare were topics raised at a discussion.

Also on the panel were Mr John Lee, president of the ISACA Singapore Chapter, and Mr Richard Skinner, partner for strategy at PwC Singapore.

The ubiquity of IoT devices has prompted countries such as Germany to impose bans on children's smartwatches and Internet-connected dolls over spying concerns, as security in such devices are quite lax.

"Most IoT devices are consumer-driven and so security is not built into such devices," said Mr Lee.

But government intervention and regulation are not always the answer.

"Regulations are only a stop-gap measure until device manufacturers make them safer by design," he said.

That these devices can be exploited so easily also points to the global nature of cybercrime, where attacks can be launched from anywhere in the world.

"Cyber does not respect borders. In fact, cyber criminals deliberately target the seams, the differences between borders, to get away with what they do," said Mr Koh.

To take on such criminals, communication between governments and within regions is important, he said.

Mr Skinner said the enemies Singapore faces in the global cyber arena are widespread.

They fall into three groups: those who do it for monetary gain, state-sponsored agents and those who stage cyber attacks "out of curiosity".

"What's interesting about those types are: Can we harness them and bring them back to our workforce?" he said of the last group.