The Internet of Things (IoT) is a term that causes much confusion, but doesn’t need to. IoT simply refers to the huge range of devices that are all connected to the internet and, therefore, to one another. Aside from the standard fare of computers and smartphones, the IoT really refers to the vast range of connected devices we would not usually associate with the internet, from cars, to kitchen appliances, to thermostats. The array of devices with the potential to make the shift from ‘dumb’ to ‘smart’ seems almost endless, with around 8.4 billion IoT devices currently in use around the world, and a predicted 20.4 billion to be in use in households and businesses by 2020. The majority of IoT devices are currently found in the US and Chinese markets, but Western Europe will be the other major region driving this growth. However, the rapid growth in numbers of connected devices in circulation is also driving very real security concerns.
The security threats facing companies are constantly evolving with new technologies. For example our recent survey found that 77% of companies predict cybercriminals will use AI to strengthen attacks in the next 12 months. Despite the forecasted growth of the Internet of Things, consumers too have expressed justified security fears which will need to be addressed before widespread adoption. The worries surrounding the IoT read like features of a dystopian novel, but are in fact a very real concern. A study from Hewlett-Packard found that 70 percent of the most commonly used IoT devices were not secure. On one hand, there are concerns around the use of these unsecure devices for government surveillance, as evidenced by Wikileaks’ release of CIA documents highlighting the targeting of consumer electronic devices. Our Android devices, iPhones, and Smart TVs are all open to being spied on and targeted, due to their often paper-thin security levels.
On the other hand, these devices are frequently targeted by hackers for a range of criminal activities, which can be divided into two categories. Firstly, devices may be taken over by hackers and used to do something they are not intended to do. Distributed Denial of Service (DDoS) attacks are one example of this. DDoS attacks attempt to make an online service unavailable through overwhelming it with traffic from multiple sources. Due to the relative ease with which hackers can access a range of IoT devices, they are often employed in these attacks. Your smart toaster may unwittingly be contributing to these large scale disruptive botnet attacks.
Secondly, devices can be commandeered and put to their intended use, but in devious ways. For example, a drone device may be taken over mid-flight, and simply redirected into the hands of the hacker. More nefariously, we may have cause for worry if our future self-driving car can be overridden and directed off the road. In the future, hackers may conceive of a multitude of ways in which to use our devices that we simply can’t comprehend beforehand.
It’s clear then, that the cyber threat to IoT devices is less about the traditional viruses we associate with our computers and laptops, and more the re-purposing of open devices for criminal activities. While there is no simple fix for IoT security, there are simple ways in which we can greatly improve the security of our own devices. Too often consumers fail to change the default password of their devices. This simple step may not shut out hackers completely, but it will at least close the front door.
A culture change should also be adopted within organisations, where cyber security should be made a top priority. The first step for organisations in IoT security is to identify how many connected devices are on their network. A survey from AT&T shows that almost half of enterprises base the number of connected devices in their business simply through estimations. Penetration testing is an effective method to get on the front foot and understand the extent of the IoT security challenge facing your organisation. Employees should also receive basic security training, and risk assessment and information system audits should be commonplace.
Securing the Internet of Things is a daunting challenge, complicated by the fact that many devices use only simple processors and operating systems, incapable of supporting sophisticated security approaches. Placed on the top of Gartner’s list of 10 IoT technologies for 2017 and 2018, security will remain an ongoing issue for manufacturers and regulators as IoT device use expands. However, consumers should remain aware of the risks and take it upon themselves to adopt whatever steps possible to secure their devices.
For further advice and support on how to secure your IoT assets and protect your business speak to our subject matter experts, e-mail us at info@ward.ie or call 1800 903 552 to discuss your unique requirements.