[Last updated December 10th, 2017 at 11:39 pm]
Internet of Things (IOT)
As per Gartner report, there are approximately 6.4 billion connected devices (Internet of Things) in use worldwide in 2016, and that number is slated to reach 20.8 billion by 2020 ~ 1. In this quickly evolving world, all the things that connect to the Internet are exponentially expanding that attack surface for hackers. An HP study shows that 70 percent of IoT devices contain serious vulnerabilities. There is undeniable evidence that our dependence on interconnected technology is defeating our ability to secure it.
When we talk about interconnection, we usually think in terms of computers, tablets and smartphones. The Internet of Things (IoT) describes a world where just about anything can be connected and communicate in a “smart mode” by combining simple data to produce usable intelligence. With the IoT, the physical world is becoming one big information system with the ultimate goal of improving quality of life and empowering new business models.
This means that more personal information and business data will reside in the cloud and be exchanged between thousands of devices that may have exploitable vulnerabilities. One weak link in the security chain could provide hackers with nearly limitless doorways that could be unlocked and lead to sensitive information.
Two sides to the IoT security coin.
The Internet of Things includes a vast and ever-growing array of networked devices—including smart meters used by utilities, medical devices, home appliance and security systems as well as sensors that do everything from supporting public safety to automating manufacturing processes.
When it comes to security and the IoT, executives face a two-part dilemma. The first is mitigating the risk of vulnerabilities created or compounded by networked devices. Organizations must consider the possibility of a huge increase in unknown vulnerabilities at the device level, as most lack antivirus or advanced endpoint and threat detection capabilities, they also can make a business vulnerable to intrusions and attacks. Even a company’s network carrier can be affected if attackers use IoT devices to generate massive spikes in network traffic.
The other side of the IoT security dilemma is being protected from devices—that is, addressing the risk of the “things” themselves becoming vehicles for an attack. For example, in the past utility customers may have worried that a meter reader would forget to close a back gate, leaving the house un-secure. These days, they want assurance that they’re not letting a nefarious robot into their homes—putting data privacy and personal safety in jeopardy. On a broader scale, hackers could potentially take control of thousands of smart meters, wreaking havoc on the electrical grid.
Healthcare is another area where vulnerabilities could be devastating. Imagine a patient receiving an email threatening to alter his or her pacemaker’s performance unless a ransom payment is made. It may sound far-fetched, but healthcare has become a frequent target. Already, numerous attacks have blocked hospitals’ and other providers’ access to their own data. Networked medical devices provide another potential avenue for such schemes.
Mitigating the threat of ‘things’.
Irrespective of an organization’s interests around the IoT, the time has arrived to start taking proactive steps to ensure security. In the end, the full vision of the IoT may or may not come to pass, or it may take longer than some predict. What is undeniable is that connectivity is exploding. People may be unaware of how the IoT functions, they will expect it to be secure. Similarly, they will be largely clueless to the potential impact they (and their new gadgets) have on the threat landscape, and thus cannot be relied upon to maintain security capabilities on these devices. As a result, the burden of protecting organizations from the possible wave of new, larger threats falls to the security operations teams.