As an increasing number of companies aim for comprehensive digital transformation, the need for increased connectivity and the adoption of IoT are matched only by the proliferation of cybercriminals – both the masterminds and the crime-as-a-service purchasers – whose main target is IoT devices and whose ultimate goal is to attack the entire organization. IoT devices can be compromised to leak data, harm operations, deny service, or infiltrate the organization’s IT network.
Their ever-growing numbers – current stats range from 27.5 billion devices to 75 billion in only a few more years – mean that secure communications and the adoption of IoT security solutions are crucial.
A recent survey revealed that an average of 61 percent of businesses are using IoT to bolster operations. At the same time, 28 percent of companies experienced a cyberattack due to the use of IoT infrastructure, as threats on IoT devices tripled compared to the same period in the previous year.
The data and findings are based on extensive research done in cooperation with Infiniti Research, a premier provider of market intelligence solutions for leading players across industries.
As IoT devices, networks and uses are an evolving domain, organizations must keep abreast of developments in the ecosystem to take advantage of the operational and cost benefits ahead of the competition.
Cyber security is a pillar in the enablement of IoT deployment, and, in many cases, an inhibitor to large scale remote operations, if not taken into account at the design level. Both the hardware and the software must be protected.
For other IT networks, and other connected devices such as laptops, servers, mobile phones and others, security is often an afterthought, added on to close security gaps on the go.
However, the simplicity of IoT devices in terms of software and hardware, and the possibility of large-scale data sharing among applications and systems, are advantages that may bring an organization’s downfall.
We’ll dive into some of the factors that make IoT device security a top concern and make addressing it critical.
- Increasing dependence on IoT devices – Growing reliance on IoT devices is borne out of their efficiency, user-friendliness, automation capacity, and time- and money-saving features. Moreover, the IoT world opens new business models for organizations, monetizing on data-as-a-service, product-as-a-service, and process-as-a-service. These new business models lean on digital transformation that has resulted in the need for increased connectivity and technologies – such as 5G, AI, and machine learning – and the increased adoption of IoT especially in communications, finance, hospitality, and healthcare. Furthermore, the global telecom industry depends on IoT adoption to monetize 4G and accelerate 5G adoption to realize business goals, while the automotive sector relies on IoT to advance connected vehicles operation and capabilities.
- Increasing incidences of data breaches – The proliferation of connected devices has created a security blind spot where cybercriminals can launch zero-day attacks to compromise devices such as webcams, smart TVs, routers, printers, and smart homes. The ramifications of such attacks span from inconvenience to day-to-day privacy to disastrous shutdowns. This doesn’t even consider brand damage, legal liability issues, and regulatory fines. Remember the December 2019 lawsuit filed against home security products provider Ring for reports of multiple hacking incidents on its security cameras? The good news is this incident increased market awareness of IoT device security and a demand for more effective security software.
A 2020 Thales Data Threat report indicated the following top IoT security concerns:
- Privacy violations related to IoT device-generated data: 26 percent
- Attacks on IoT devices that may impact critical operations: 33 percent
- Loss or theft of IoT devices: 27 percent
- Lack of product updates provided by manufacturers – To accelerate time to market, manufacturers are spending less time testing and securing their devices. Lack of IoT industry standardization also means manufacturers have had to base programming protocols on their hosts’ ecosystems – losing synchronization across platforms, limiting developers’ ability to create a universal security protocol, and offering hackers multiple platforms from which they can breach the devices and steal data.
- Built-in vulnerabilities in IoT device security – IoT vulnerabilities are wide-ranging thanks to default or hardcoded passwords and fewer manufacturer updates. Furthermore, the broad range of transmission technologies makes following standard protocols difficult, resulting in unsecured networks with IoT devices remaining exposed and defenseless.
There has also been an increase in the number of attacks on blockchain-based applications, where social engineering is being used to extract usernames and passwords.
While some IoT device security firms are taking steps to identify threat intelligence data and match them with endpoint security solutions to minimize vulnerabilities, they cannot offer complete security against hackers, as the technology requires regular testing, patching, and updating.
Market Trends Pointing to An Optimistic Future
IoT security is being addressed with a variety of approaches and technologies.
- The growth of blockchain – This decentralized, distributed ledger-based technology enables direct information-sharing among connected devices. It monitors the information collected by the sensors, without causing them to be duplicated, and enables sensors to transfer data, eliminating the need for a trusted third party. For instance, IBM introduced a new supply chain service based on its blockchain platform, which helps developers combine data onto the distributed ledger with the help of an API. This allows end-users to securely integrate the data from IoT sensor systems onto the hyperledger.
- Increase in the use of AI for IoT security – AI helps safeguard assets, reduce fraud, support analytics, and enable automated decision making in IoT applications. Machine learning can be used to monitor incoming and outgoing traffic in IoT devices to create a profile that determines the normal behavior of the IoT ecosystem – helping detect threats via unusual behavior patterns. Moreover, using AI to collect data from smart homes and organizations, web cameras, and other IoT devices helps provide data security and strengthen privacy, reducing the chances of cyberattacks. For example, organizations are using AI to determine employees’ access patterns, get insights for future office layouts, and detect suspicious activities. Aerospace and defense companies are combining IoT, AI, and cloud infrastructure to discover DoS or DDoS attacks.
- Taking a network-based approach to IoT security – IoT security is critical to all aspects of enterprise and personal security. However, due to the volume of devices and the range of manufacturers who may end up in the same environment, it’s next to impossible to ensure the highest level of security in each one. Therefore, securing everything at the network level ensures that threats never have the opportunity to reach the devices. In addition, if manufacturers use virtual SIMs, they can easily be upgraded with security applets from the network itself with minimal hassle.
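The traffic-profile idea from the AI item above, applied at the network level, as an added example that is not from the original article. A per-device baseline of mean and standard deviation stands in for a machine-learning model, and the device names, destinations and byte counts are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows observed during a known-good learning window:
# (device_id, destination, bytes_sent_in_interval). All names are hypothetical.
BASELINE_FLOWS = [
    ("cam-01", "nvr.local", 5200), ("cam-01", "nvr.local", 4900),
    ("cam-01", "nvr.local", 5100), ("cam-01", "nvr.local", 5000),
    ("cam-01", "ntp.local", 90), ("cam-01", "ntp.local", 88),
    ("therm-07", "hub.local", 300), ("therm-07", "hub.local", 320),
    ("therm-07", "hub.local", 310), ("therm-07", "hub.local", 290),
]

def build_profiles(flows):
    """Learn, per device, which destinations it talks to and how much it sends."""
    volumes = defaultdict(lambda: defaultdict(list))
    for device, dst, nbytes in flows:
        volumes[device][dst].append(nbytes)
    return {
        device: {dst: (mean(v), pstdev(v)) for dst, v in dsts.items()}
        for device, dsts in volumes.items()
    }

def score_flow(profiles, flow, k=3.0, min_sigma=0.05):
    """Return the reasons a flow deviates from the baseline (empty list = normal)."""
    device, dst, nbytes = flow
    profile = profiles.get(device)
    if profile is None:
        return ["unknown-device"]      # device never seen while learning
    if dst not in profile:
        return ["new-destination"]     # IoT devices rarely add new peers
    mu, sigma = profile[dst]
    # Floor sigma at a fraction of the mean so that near-constant traffic
    # does not alert on ordinary jitter.
    sigma = max(sigma, min_sigma * mu)
    if nbytes > mu + k * sigma:
        return ["volume-spike"]        # possible exfiltration or DoS participation
    return []

def detect(profiles, flows):
    """Return only the flows that deviate, paired with their reasons."""
    scored = ((flow, score_flow(profiles, flow)) for flow in flows)
    return [(flow, reasons) for flow, reasons in scored if reasons]
```

Because the profile is built from traffic seen on the network rather than from an agent on the device, the same check applies to devices from any manufacturer.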
There is an abundance of approaches for dealing with the cybersecurity gaps that exist in IoT deployments. As the market is set for hyper-growth, we can expect to see a growing ecosystem of companies offering solutions for IoT cyber security, at the hardware, software, communication, and network levels.
We are already seeing cybersecurity companies expanding their offerings to address the specificities of IoT, as well as leading device and software manufacturers taking a stance on security and aiming to integrate it into their products.
National bills and regulations, such as those recently passed in the United States and Australia, define basic guidelines, but do not give organizations the tools they need to comprehensively protect themselves.
Moreover, as in most cases, vendors are playing a cat and mouse game with threat actors, covering one entry point, while leaving others exposed. Organizations that methodologically take a security-first, network-based approach to their networks and IoT deployments have the advantage of scalability, flexibility and being device agnostic, thus increasing their security posture in this ever-evolving threat landscape.
The right approach to security will ensure that IoT devices make it easy for all of us – except threat actors.
Adam Weinberg, Founder & CTO, FirstPoint Mobile Guard (www.firstpoint-mg.com), applies his extensive executive R&D experience in communications intelligence and cyber technologies in shaping FirstPoint solutions, which secure any SIM device, anywhere, against cellular network-specific attacks, app-free and without user intervention.