The Internet of Things (IoT) has the potential to improve make life easier, but it also opens a new avenue for cyber attacks. Producers, users and cybersecurity professionals need to be proactive when it comes to security.
Having an increasing number of objects tied to the internet makes life more convenient: individuals can monitor their health, make their homes more comfortable, get reminders for when it’s time to take their cars in for service and much more. The Internet of Things (IoT) has certainly made life easier, but it hasn’t necessarily made it safer.
Device manufacturers need to be aware that every connected object has the potential to invite the same level of damage as computing technology like computers, laptops, tablets and smartphones.
Unfortunately, the proliferation of connected devices sharing data has also given cyber criminals more inroads for accessing personal, confidential data.This growing area within internet-connected technology offers cybersecurity and information assurance experts both new challenges and opportunities.
The IoT Security Issue
Around five billion devices are already connected to the IoT. Technology analyst Gartner estimates this number will reach nearly 26 billion devices by 2020 and that 25% of cyber attacks in enterprises will involve these devices.
According to ForeScout survey results, 85% of those using connected devices aren’t confident they are aware of every device on their network; the same survey revealed only 44 percent of respondents have an IoT security policy.
Certainly information assurance for IoT devices is predicted to be one of the top cybersecurity trends in the coming year.
While many manufacturers are creating objects, machines and sensors that make life easier for both individuals and businesses, many are unaware about how to protect those items from cyber crime. A key part of this challenge is the wide range of operating systems and software used in IoT development.
IoT Data Breaches
One common method that IoT hackers use is a distributed denial of service attack (DDoS), which uses multiple internet-enabled devices to form a botnet, which sends requests to yet another machine, rendering that target machine unusable. Cyber criminals use this strategy to seek ransom money, or as a move in ongoing battles or for revenge.
In September 2016, Brian Krebs, a journalist who writes about cyber crime, himself became the victim of such an attack as his web server was targeted in one of the largest DDoS attacks to date. It was discovered that a botnet of the infamous Mirai IoT malware was responsible for the attack. The malware scans the internet for devices that still have factory-default usernames and passwords protecting them.
Many IoT device owners don’t change these defaults so Mirai has been allegedly involved in a number of large IoT data breaches and attacks. Most notably, an IoT Mirai botnet recently took out domain name system (DNS) provider Dyn, causing internet giants such as Twitter, Reddit, Netflix and Spotify to experience interrupted service and blanket outages.
A New Era for Cybersecurity
Internet-connected machines used during a manufacturing process may seem harmless, but they can be used as a gateway for cyber crime, as hackers can gain access to the manufacturer’s network.
Those who design and produce such machines need to develop an understanding of these risks, and take steps to maximize information assurance. They must also have warning systems in place so they can minimize the damage if an attack does occur. These measures should work seamlessly with other network components. However, simple security measures such as password protection and Wi-Fi keys may not be enough. Cybersecurity professionals will need to work with companies to include more robust solutions.
Any cybersecurity plan already in place should be modified to include IoT devices. Protective software should be installed on network systems, and all devices should be monitored closely. Personnel should be trained on how to safely use connected devices, and access should be limited to an as-needed basis.
Cybersecurity training and education will play an important role in this evolution as more and more companies implement new cybersecurity measures to address the rising threats from IoT devices.