The world of IoT devices offers consumers and businesses a wealth of benefits, but by sharing more data than ever before, are we leaving ourselves open to more cybersecurity risks than ever?
Background
The Internet of Things (IoT) is the name given to the increasingly large number of internet connected devices available to both consumers and businesses. From Amazon’s popular home assistant, the Amazon Echo, to fridges, thermostats and even cars, the number of internet connected devices available continues to grow and is thought to reach 20 billion by 2020.
The IoT has come with many benefits with formally everyday objects now able to become greater than the sum of their parts by connecting to surrounding objects, and sharing an extensive amount of data about our lives in the process.
Traditionally we may have only thought of interconnected devices in terms of computers, and later smartphones and tablets. The world of IoT is one in which just about anything can be connected and communicate in a meaningful way by sharing data to produce usable intelligence. With the IoT, the physical world is becoming one big information system, with the goal of simplifying processes and empowering individuals and businesses.
However, the more personal information and business data that exists in the cloud to make the IoT work, the more it can be exploited through the devices we are coming to increasingly rely upon. A weak link in the chain could provide hackers with nearly limitless entry points that could lead them to valuable data.
The problem
While IoT devices are undoubtedly improving our lives and businesses, they pose an increasing security threat. It’s a security threat that has already been exploited in the 2016 Mirai botnet attack that took advantage of unsecured IoT devices such as security cameras and wireless routers to unleash sweeping attacks on key internet services around the world in a massive distributed denial-of-service (DDoS) attack.
This attack and others have demonstrated that hackers can now craft attacks with unprecedented sophistication and correlate information not just from public networks, but from different private sources including our smart fridges, thermostats and cars.
Part of the issue that has left the IoT open to such vulnerabilities is the rapid pace that it has progressed with a seemingly constant stream of products coming to market from established brands and start-ups alike. In this quickly evolving world, every device made that connects to the internet is exponentially expanding the points of attack for hackers. A study by Hewlett Packard Enterprise showed that up to 70 percent of IoT devices contain serious vulnerabilities.
Cybersecurity issues with the IoT is becoming a hot topic and consumers and businesses are becoming more aware of the potential risks these devices pose. A survey by digital security company Gemalto found that 90 percent of consumers lack confidence in the security of their IoT devices and only 14 percent believe that they are extremely knowledgeable when it comes to the security of these devices. As for businesses 75 percent reported that encryption is their primary method of securing IoT assets with many also realising that they need support in understanding IoT technology and are turning to partners to help.
The solution
As more people adopt IoT as a part of everyday life at home and in the workplace, regulations are needed to ensure our safety and security. Industry and government are catching up to the concerns of consumers and businesses with a raft of recently passed legislation and guidelines to secure the future of the IoT.
The most recent legislation comes from the UK government, putting in place new measures for manufacturers to boost cyber security in millions of internet connected devices following a rise in cybersecurity breaches. Manufacturers of IoT devices will now be expected to build-in tough new security measures that last the lifetime of the product.
This comes hot on the heels of the U.S. government’s Internet of Things Cybersecurity Improvement Act of 2017 created to establish guidelines for securing devices procured by the U.S. government.
Similarly, companies are beginning to adopt and develop guidelines to ensure the secure development and deployment of IoT devices. Central to these standards are identity-focused security solutions, which can help IoT security by managing the relationships between these devices, the entities controlling them, and the data being sent and received.
One resource to help create guidelines and drive requirements for businesses to follow is the Open Web Application Security Project (OWASP), a repository of information on web applications security, which lays out cybersecurity suggestions in its IoT Attack Surface Areas Project.
Summary
With capable hackers everywhere, and their focus growing on the IoT due to the increasing flow of data around it, securing our interconnected devices and educating users to the risks has never been more important.
The cybersecurity network is adjusting to the demands of the Internet of Things with a better regulated industry and government legislation helping to minimise the threat from hackers. With some relatively simple cyber hygiene practices that stretch from the IT department to employees, organisations can stay connected and still be safe from cyber-attacks. However, we’re still likely to see bigger and more invasive attacks in the short term while we all get to grips with the risks as well as the benefits of our new interconnected world.