IoT Security Concerns Increasing as Device Usage Spikes
The explosive growth of Internet of Things (IoT) devices and data analytics technologies may transform business productivity, but they’re also spurring concerns about IoT security. These devices are showing up in corporate conference rooms, offices and building camera systems — and security experts say the industry isn’t doing enough to protect them.
Because IoT devices are becoming ubiquitous, businesses need to take action now. By 2020 there will be 34 billion devices connected to the internet, compared to 10 billion in 2015, according to Business Insider. The publication also believes businesses will be the biggest adopters of IoT platforms. A cyberattack on an IoT device has the potential to cripple an IT infrastructure as well as public services.
IoT Security Poses a Greater Challenge for IT
IoT devices are increasing the security problems traditional networks face because there are more potential entry points and it’s not easy to patch them when security flaws are found, notes Timo Elliott in ZDNet.
One of the main issues is that firmware is not updated on a regular basis, as companies don’t want to disrupt users, Craig Young, a cybersecurity researcher at Tripwire, told CSO. Meanwhile, there have already been a number of breaches and tests that illustrate where attackers can penetrate systems. In one case, researchers at the University of Michigan were able to hack into Samsung’s SmartThings automation platform and get the code to the front door of a home. According to Wired, there have also been documented examples of hacked medical devices like pacemakers and drug infusion pumps that deliver morphine, chemotherapy, antibiotics and even cars.
In terms of specific types of malware, not enough attention is being paid to IoT ransomware, according to newly launched non-profit IoT Security Foundation. People tend to view it in the same way as traditional ransomware, but there are key differences: When hackers seize a laptop, PC or smartphone and encrypt files, users are typically left with no other recourse but to pay to get their files back. Because most IoT data is stored in the cloud, though, that isn’t a feasible option. Even if data becomes encrypted there isn’t much incentive to pay the ransom, says the Foundation’s Ben Dickson. So hackers will try new approaches, such as giving a power company 30 to 45 minutes — instead of hours — to pay in bitcoins once they hack a power grid.
Disturbingly, there are not many security apps available to monitor IoT devices and apprise users of new attack vectors, or any recent compromises that would demonstrate these vulnerabilities.
What’s a Business to Do?
All of this means companies need to be even more diligent about the security measures they take and deploy a multi-layered approach to IoT security. This includes using tokenization and end-to-end encryption. Elliott also advocated buying secure sensors from reputable companies, using isolated systems when possible and minimizing data traffic and storage.
The IoT Security Foundation has come up with guide of principles tech providers, IT and developers should consider when designing an IoT device, system or network. Although there are security design challenges with IoT devices, it is critical for developers to take measures like hardening the device to safeguard information traveling to the cloud is secure. Users must also do their due diligence and continuously monitor and upgrade systems to ensure they are protected from the latest forms of attack.