As the number of connected devices grows into the tens of billions, so too does the risk of attack by hackers. As a result, we are entering a period of cyber insecurity as devices that are part of the Internet of Things proliferate.
Easier Technology, Easier Attacks
We are in the midst of a computing boom. The technology in our phones, routers, and modems is more powerful than what PCs were capable of 20 years ago. Smart devices – cars, thermostats, televisions, refrigerators, and lights – make our world easier to navigate.
However, with this new technology comes increased vulnerability. The risks are very real. Consider these recent examples:
- A French web hosting company was targeted by two Distributed Denial of Service (DDoS) attacks. The source of the attacks was traced to vulnerable routers, cameras, and digital video cameras.
- At a recent conference, a researcher examined security flaws in 30 different popular home routers … and could break into half of them.
- The 2016 attack on Dyn, a domain name server that powers major sites such as PayPal, Pinterest, Reddit, and Spotify, was blamed on connected home devices.
One of the challenges is that consumers are likely less diligent about internet security than corporations. They are far more likely to unbox a new item and connect it to a wireless account in their home … and forget about it. As the number of consumer-focused IoT products grows, so grow the risks.
Companies and the IoT industry need to be increasingly vigilant to combat cyber attacks.
Inexperienced Consumers and Producers
Many of the companies producing these goods are small startups, without the right focus or expertise in cyber protection. Their software code is more vulnerable and they have not thought through patch management that can keep out threats.
Companies often share software tools or use open-source code that can be easily hacked.
- IoT firms should take a more proactive approach to cyber security. Industry standards should be established, with third-party validation of adherence to those standards. Otherwise, companies and the industry risk losing public confidence or inviting government oversight.
- Companies need more due diligence of IoT partners. They should consider quarantining systems – servers, desktops, laptops, and phones – on a corporate network from contact with IoT devices.
- Insurance underwriters should assess whether policyholders are using security products and services, with an emphasis on encryption.
- Companies should invest in tools that strengthen their security. VPN software solutions are a safe way to protect servers and computers from coming under attack. Specially built routers and other security devices should be used. Tools to consider: a NetFlow analyzer to track IoT device “conversations”; an IP address management tool; and deep packet inspection. Active network monitoring is necessary to notice unusual activity and act fast.
- Assess all three components of an IoT environment separately: the devices themselves and the sensors and beacons embedded within; the gateways used to communicate with the devices; and the servers that support them.
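The following added example, which is not from the original article, audits flow records for the IoT "conversations" the recommendations above say to track: it flags any contact between a quarantined IoT segment and the corporate network, and any IoT conversation with a peer other than the expected gateway or server. The subnets, the allowlist, and the flow rows are constructed assumptions, and each row is assumed to describe a conversation from initiator to responder.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed addressing plan and constructed flow rows (src,dst,dport,bytes); not from the article.
IOT_NET = ip_network("10.20.0.0/24")        # quarantined IoT segment
CORP_NET = ip_network("10.10.0.0/24")       # servers, desktops, laptops, phones
ALLOWED = {                                  # the only peers IoT devices need
    (ip_address("10.20.0.1"), 8883),         # IoT gateway (MQTT over TLS)
    (ip_address("203.0.113.10"), 443),       # supporting backend server
}

SAMPLE_FLOWS = """\
10.20.0.15,10.20.0.1,8883,4200
10.20.0.15,10.20.0.1,8883,3900
10.20.0.16,203.0.113.10,443,15000
10.20.0.16,10.10.0.5,445,900
10.10.0.7,10.20.0.15,23,120
10.20.0.17,198.51.100.77,53,2500000
10.10.0.7,10.10.0.5,443,7000
"""

def conversations(text):
    """Aggregate flow rows into byte totals per (src, dst, dport)."""
    totals = defaultdict(int)
    for src, dst, dport, nbytes in filter(None, csv.reader(io.StringIO(text))):
        totals[(ip_address(src), ip_address(dst), int(dport))] += int(nbytes)
    return totals

def audit(text):
    """Return sorted (finding, src, dst, dport, bytes) for IoT conversations."""
    findings = []
    for (src, dst, dport), total in conversations(text).items():
        src_iot, dst_iot = src in IOT_NET, dst in IOT_NET
        if not (src_iot or dst_iot):
            continue                          # no IoT device involved
        if (src_iot and dst in CORP_NET) or (dst_iot and src in CORP_NET):
            kind = "quarantine-violation"     # IoT <-> corporate contact
        elif src_iot and (dst, dport) in ALLOWED:
            continue                          # expected gateway/server traffic
        else:
            kind = "unexpected-peer"          # unknown destination or inbound source
        findings.append((kind, str(src), str(dst), dport, total))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

In practice the rows would come from the flow collector's export, and the allowlist from the IP address management inventory.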
Industry commitment and additional awareness for consumers and corporate users can go a long way towards eliminating the pernicious and ongoing threat to devices and networks.