In a recent article, "The Internet of Things meets disruptive technologies", I talked about some of the security implications of the IoT, noting that in coming years, threat levels will rise further as the IoT comes online and opens up even more ways for\u00a0cybercriminals to exploit the weakest links in the ecosystem\u00a0to move around on the network and seek financial gain.\n\n\nMany of the commonly discussed threats involve theft of sensitive data, introduction of malware, and ultimately, \u201ccommand and control\u201d-style sabotage of connected, controllable devices. Of course, the threat level increases as IoT devices become more controllable and more autonomous. In these latter cases, cybercriminals can exploit vulnerabilities to remotely control IoT devices to change sensor or device behavior, to sabotage these devices, or even inflict physical damage on the surrounding environment.\n\n\nHere\u2019s a few scenarios to illustrate the point:\n\n\n\t\n\t\tConnected home hacked to open the front door to thieves, open garage door to steal a car, raise heater to maximum levels to damage air conditioning system and\/or household goods, turn off refrigerator, turn off sprinkler system, access personal computers, and so on.\n\t\n\t\tConnected, autonomous car or delivery vehicle sabotaged to crash via inappropriate acceleration or braking, or sent to incorrect destinations; vehicles such as trains, aircraft, drones, ships etc. similarly misdirected or sabotaged.\n\t\n\t\tConnected hospital hacked to change the route of delivery robots; functions of medical devices such as pacemakers and insulin pumps, and so on.\n\t\n\t\tConnected manufacturer hacked to interrupt functions of warehouse \u201cpicking\u201d robots, equipment monitoring and maintenance sensors, plant control systems, supply chain activities, and so on.\n\t\n\t\tSCADA and PLC systems sabotaged in similar fashion to the Stuxnet worm that span up Iran\u2019s nuclear centrifuges.\n\n\nIn each case the resulting \u201cdamage\u201d can range from nuisance issues all the way to serious issues related to potential injury or loss of life, damage to physical property, or even threats to national security.\n\n\nWhile hacking and sabotaging the sensors and devices themselves may grab the headlines, one of the other major issues in the future will be the simple theft of detailed and sensitive data arising from the ongoing use of IoT sensors and devices \u2013 this is the halo of data that swirls around these objects.\n\n\nAs part of their everyday use, many IoT devices will contribute to what I call the \u201cInternet of Behaviors\u201d. This is the detailed usage and behavioral data that\u2019s collected as individuals use various IoT devices and systems. It provides compelling insights that organizations can use to gain a better understanding of their customers in terms of their preferences, behaviors and interests.\n\n\nWhat this means in terms of the implications for cybersecurity is that cybercriminals will now have more access to masses of sensitive data revealing consumer patterns of behavior. This may well give cybercriminals more data such as healthcare data to hold for ransom, and more data such as daily travel routines to pick the exact time and place for a physical crime. We may also see more thefts of mobile devices since many will now provide physical access to homes and offices.\n\n\nAs we continue to blur the lines along digital and physical boundaries, we may see cybercriminals form allegiances to perpetrate hybrid digital and physical crimes. You can imagine a digital cyber-ring selling stolen property access (e.g. hacked electronic front door or building access codes) or vehicle delivery schedules and routes to traditional criminals.\n\n\nAs IoT ecosystems are developed, and often include multiple partners and suppliers as well as consumers and citizens, it will be important to gain an understanding of the potential legal issues should either sensitive data become compromised or these sensors and devices themselves become controlled by cyber-criminals. A comprehensive risk management strategy, and a robust approach to cybersecurity, will need to be developed to support these new classes of devices, and their new usage scenarios, which extends existing cybersecurity techniques.\n\n\nFour key tenets of this new approach to cybersecurity will include converged security (to protect physical as well as digital assets), defense-in-depth (even more important with more points of vulnerability on the network), \u201czero-trust\u201d (to help prevent lateral movement on the network once hackers gain access via IoT devices, for example), and an adaptive perimeter (to help dynamically draw and re-draw lines of protection around key external assets).\n\n\nFinally, with the \u201cInternet of Behaviors\u201d now storing masses of detailed consumer behavior from the use of IoT devices and systems, it will be critical for organizations to define and clearly understand roles, responsibilities and expectations of each other in terms of data privacy and also in the event of data breach within IoT ecosystems.