IoT devices massively extend the perimeters of any organisation. How well protected are yours?

“Help – my fridge has been hacked!”

The average Australian home has 13.7 internet connected devices today while two in five homes have at least one Internet of Things (IoT) sensor or appliance according to recent research from Telsyte. These are any digital smart devices that connect and remain connected to the internet.

We may use devices to control the lighting or heating at home, or to keep an eye on the baby in the nursery; maybe it’s a smart appliance (such as fridges or coffee machines) or even wireless door locks. The chances are that each of our PCs, tablets or smartphones have some form of password control, firewall, or virus protection – but are we sure that the IoT appliance such as the backyard camera is actually secure?

The IoT devices we have at home are now being deployed in offices, factories, and shops. As our city becomes increasingly ‘smart’ – the security question grows ever larger.

This is a critical issue that does not just impact businesses that are technology-focused or data-driven. If your business uses a smart IoT device to monitor your energy usage or has a camera connected to the internet to monitor your shop or agency, you have potentially opened up the door to a cyber-attack if that device isn’t properly secured and regularly patched. As a Real Estate agent, you hold a significant amount of sensitive information.

IoT devices massively extend the perimeters of any organisation. How well protected are yours?

The information gathered by IoT devices can deliver unprecedented volumes of very valuable data to an organisation. That data can be turned into insight to steer decision-making and identify business opportunities. However, there are few standards in IoT device manufacturing today, and security is often bolted on as an afterthought with varying success. Each device potentially offers entry to the broader enterprise network. There is already IoT specific malware such as Mirai and Hajime targeting these IoT networks.

Aon’s recently released Global Risk Management Survey reveals that cyber threats are now ranked as a top five business risk by organisations all over the world – and it became a top five risk in Australia for the first time ever in 2017.. This study particularly highlights the rising risk of cyber criminals hijacking IoT devices to act as botnets to then attack critical systems.

Cyber-attacks may cause electric outages, shut down assembly lines, block customers from placing orders, and break the equipment that companies rely on to run their businesses.

How fast is this risk rising?

In 2016, businesses ranked cyber risk at number nine –jumping four places in a year.

The Australian Centre for Cyber Security recently noted that around seven out of ten Australian organisations now have a cyber response plan – but only 46 per cent have actually tested it.

The impact on brand and reputation of a poorly handled cyber incident can’t just be measured in dollars. The cyber-attack on last year’s online census wasn’t handled well. It earned the ABS its own Twitter handle, #Censusfail, and even now the reputation of ABS is tarnished.

Preparing for a cyber-attack is even more important because of the imminent introduction of legislation. This requires most Australian organisations to notify authorities and affected customers if they suffer an eligible data breach.

Aon are leaders in cyber risk consulting and insurance solutions and have been working with the Real Estate industry for over 20 years. Please contact us on 1300 734 274 or email We can assist you in preparing for, responding to, mitigating and transferring risks associated with cyber incidents.

* Conditions apply. For full policy wording please contact 1300 734 274. © 2017 Aon Risk Services Australia Limited | ABN 17 000 434 720 | AFSL 241141. This information is general in nature and should not be relied on as advice (personal or otherwise) because your personal needs, objectives and financial situation have not been considered. So before deciding whether a particular product is right for you, please consider the relevant Product Disclosure Statement or contact us to speak to an adviser.


Leave a Reply