“The number of Internet-connected devices is growing rapidly and is expected to reach 50 billion by 2020.”
This data is overwhelming and testifies the importance and reach of IoT. When we talk about IoT in general, we mean all those devices that communicate and can be accessed via the internet based on their IP addresses. These “talking devices” are widely used in industrial machine-to-machine (M2M) communication, smart energy grids, home and building automation, vehicle to vehicle communication and wearable computing devices.
However, of late, this shift from desktop PC to mobile and now to IoT devices have been attracting tremendous malicious activity. All these internet-connected devices create access points with which hackers can infiltrate any network. That's a concern for any business, because these devices are also starting to show up at the corporate office for use in conference rooms, executive suites, and even as a low-cost building security camera system.
It seems now that the diversity of cyber threats mirrors the diversity of IoT devices. Devices with “always on” network connectivity are enabling new types of attacks that have not been seen in the past; these devices represent a new set of targets for potential data exposure and crime.
“On Friday October 21, 2016, a massive distributed denial-of-service (DDoS) attack was launched against Dyn, an internet infrastructure company.” The attack was so massive, it blocked access to very popular websites, including Twitter, Amazon, Netflix, and many others.
“A similar attack was unleashed on 20th September 2016, on the security news site, KrebsOnSecurity.” That attack was carried out by some 145,000 IoT devices and was described as a giant botnet hijacking internet-connected things, including smart cameras and light bulbs.
These attacks caused significant disruption and exposed the havoc that IoT security breech can create. Experts claim that the industry is not doing enough to protect these devices. The main problem with IoT devices is that their manufacturers have been slow to implement security. Many devices, like security monitoring cameras, are produced as inexpensively as possible and are accordingly equipped with the most basic software, which often can't be updated.
New challenges arise as new device categories like smartwatches communicate with the internet. More and more attacks on companies have started specifically against individual “smart-things” equipped employees, necessitating the integration of personal devices into a security strategy.
When we are letting every ‘thing' connect to the global future, the confidentiality of data and privacy of information have to be given prime importance. They should, for example, define which devices are permitted on the company network and what data exchange with the network or the internet is wanted. Unwanted traffic can be prevented with the right security technology.
“Dan Lyon, the principal consultant at security-as-a-service firm Cigital, says, businesses need to start evaluating IoT products not only for the benefit they provide but also for embedded security features.”
The Internet of Things (IoT) world may be exciting, but these serious technical challenges need to be addressed. With technology, specifically IoT entering our personal spaces, we need to redefine our risk metrics and deploy actionable cybersecurity checks on rapidly evolving threats. To enjoy a risk-free technological ease, we must ensure that adequate security and privacy is available before the technology gets deployed and becomes part of our daily lives.