IoT Connectivity Spree: Ignore Security at Your Peril
Adopting IoT has proved to be immensely valuable for both B2B and B2C companies. There is no limit to the benefits companies can reap – from understanding customer preferences to improving operational efficiency and creating new channels of revenue generation.
The opportunities are boundless in IoT because, with the right technology, virtually anything can be connected to the internet. Look at the figures – the number of connected devices jumped by 15 percent to reach 20 billion in 2017, per a report from IHS Markit. While that’s an enormous number of devices as is, a different level of complexity is brought in with a majority of these devices being very distinct from each other in terms of hardware, operating systems, memory, and more. In the race to connect to all possible things, companies are creating products and implementing IoT solutions with little concern for security.
Connected devices are always-on and generate a considerable amount of data, making them high-value targets for attackers. Imagine trying to secure billions of devices, most of which come with diverse hardware and have different applications running with different protocols. Moreover, it is hard to upgrade or patch IoT devices and most of them were not built to run third-party security solutions. For instance, it would be quite tough to install an antivirus on a Nest thermostat or a smart fridge.
We have already seen many cases where hackers exploited these devices and wreaked havoc. In 2016, there was a DDoS attack on Dyn, a DNS provider that maps domain names to corresponding IP addresses. The attack reduced internet speeds to a crawl, leaving major websites inaccessible to users across Europe and North America. Millions of ordinary connected devices such as set-top boxes, baby monitors, printers, and webcams were used to prevent Dyn from connecting users to websites such as Amazon, Twitter, PayPal, Netflix, etc. A program called Mirai converted the IoT devices into bots that instigated the attack.
Securing IoT devices is inherently difficult and in light of the recent breaches, organizations cannot afford to overlook IoT security. In his article, “Don’t get caught in an IoT security nightmare”, Dean Hamilton, GM of Accelerite’s IoT business, discusses the need for organizations to develop an IoT security competency and implement an IoT risk assessment program. Read the complete article here.