Can you remember the time when the Internet of Things was nothing but sci-fi? The future is finally here, seemingly turning our lives for the better. While businesses thrive on big data, the rest of us get to enjoy all the benefits of clever refrigerators, wearable tech, and package tracking.
But, as much as smart houses and connected hospitals make the Internet of Things (IoT) one of the greatest technological breakthroughs since the wheel, the security risks it poses are straightforwardly nightmarish. 2016 will go down in history as the year hacking went mainstream, with at least five IoT-related cyberattacks endangering not only the corporate world, but public safety as well.
These are the top 5 security challenges in IoT for the year 2017 and beyond.
The main idea behind the Internet of Things is to improve the quality of everyday life and to drive the business world forward by creating a comprehensive network of smart devices able to communicate and exchange information among each other. But, what’s swell in theory can be unsafe in practice.
The greater the number of plugged devices, the more successful the IoT project. But also, the bigger the risk of security breaches. If there’s only one weak link in the chain, a single vulnerable device in the network, the entire chain is compromised, and the entire system is open to cyberattacks.
That’s exactly what happened to the San Francisco Municipal Transport Agency, where not one, but over 2,000 devices were completely locked with ransomware. Though this was a major security threat in the world prior to IoT as well, the risk today is even greater. Think smart hospitals, for instance.
Instead of single-target ransomware, we’re now facing a scenario in which entire organisations can become victims of extortion. This can lead to theft of competitive intelligence and intellectual property, but not only that – terrifyingly enough, critical infrastructure is endangered as well.
A similar attack on the city of Lappeenranta in Finland only goes to show that securing the Internet of Things is, in fact, a public safety issue. Unfortunately, it also proves just how vulnerable our public safety currently is. In November 2016, cybercriminals knocked out the heating control system in two buildings, causing a chill-out that lasted for more than a week. And, this is not the only reported case.
Imagine what this could mean for our traffic lights and GPS tracking systems, or even worse, our power plants and water services. Cybercrime is no joke, and the Finland case unfortunately sheds some light on what our public safety could look like in the future if we don’t learn to successfully fight it. For the time being, constant network monitoring seems like the only viable safety solution we have.
What actually happened in Finland was a lesson on increasingly dangerous DDoS attacks. Otherwise known as a distributed denial of service, this technique uses botnets as its main weapon, and targets embedded devices like DVRs, IP cameras and routers, knowing that most of them are old and unprotected. Together with out-of-date software versions, default passwords make an easy target.
In 2016, the largest DDoS attack brought down Twitter, Spotify, SoundCloud, Shopify, Netflix, GitHub and Etsy, among other popular sites, and all thanks to the same Mirai botnet. The thought of disruption in world-wide connectivity that such attacks can cause is a terrifying one, particularly when we have in mind that a target can be virtually any device. The Finland attack made that perfectly clear.
When we’re talking about all the benefits that the Information Age and the Internet of Things have together gave us access to, data-based decision making imposes itself as arguably the best boon. In fact, that seems to be the leading reason why a vast number of savvy entrepreneurs decide to take cybersecurity risks – the strategic advantages promised by big data are simply too good to refuse.
But, the volume of data that IoT spurs has already exceeded our expectations, thus leaving us unprepared for potential thefts. With around 150 million data points generated across 10,000 households, the network is compromised by the same number of vulnerable spots and entry points for internet thieves, hackers, and DDoS attackers. And, SaaS and IaaS providers have the most to lose.
If the cloud isn’t safe, then what are organizations, enterprises, and small businesses supposed to do with their sensitive data? Personal information is endangered too, with privacy issues becoming a bigger concern every day. In spite of all this, the Gartner report predicts that the number of connected devices will surpass 20 billion in the next three years.
Even if organizations do find new ways of defeating malware, chances are that cyber villains will still be one step ahead of our protection strategies. Social engineering – the art of manipulating people so they give up confidential information – is already one of the bigger threats to internal infrastructures.
The problem is, internal threats cannot be detected as easily as other types of cyber-attacks. They operate not only by targeting social media and personal emails, but also by using inventive techniques such as man-in-the-app and credential theft, all of which require a defence system that would be a little more sophisticated than our traditional URL filters or email scans.
Then again, the most problematic and dangerous part of internal attacks is social engineering itself. And, since actual manipulation and threats start to occur only after the network defence has been bypassed, our chances for detecting them before it turns too late are very thin. When cyber safety protocols fail, the only thing we’re left to rely on is our judgment of human behaviour. Further, it is the responsibility of IoT application development company as well to ensure that right security measures in place before commencing DevOps.
The future of cybersecurity in the connected world might not look very bright, but at least we’re aware of both our own weaknesses and the attackers’ strengths. Currently, the uncontrolled volume of data, unsecured devices, and poor industry standards for cybersecurity guidance present our biggest challenge. The sooner we start solving them, the sooner the Internet of Things will be safe.