The internet of things (IoT) is a trend that is gaining steam. Gartner’s Top 10 Strategic Trends for 2018 report estimated that the number of connected devices will reach 21 billion by 2020. As IoT begins to leverage the power of artificial intelligence, companies will benefit financially from the deep insights gained from sensor data. McKinsey Global projected that IoT will add anywhere from $3.9 trillion to $11.1 trillion per year to the world economy by 2025.
Like most revolutionary technologies, IoT creates risk along with value. With its connected devices, IoT adds numerous endpoints, increasing the attack surface of your business. IoT vulnerabilities mean that your security chain must run from your business, through your network, and all the way to your devices.
Here’s a closer look at some of the security vulnerabilities in IoT:
In 2016, the Mirai Botnet staged a massive distributed denial of service attack (DDoS). The attack crippled Dyn, the provider of domains for high-profile companies including Twitter, Netflix, and CNN. Traffic created by the botnets reached 1 TB per second, making it the largest DDoS attack ever recorded.
Another victim of the attack was the website of security expert Brian Krebs of KrebsOnSecurity. KrebsOnSecurity reported that, in attempts to knock the site offline, botnets created traffic that may have reached 665 GB per second. In response, the U.S. Computer Emergency Readiness Team (US-CERT) issued an alert of a heightened risk of DDoS attacks.
Weaponized IoT devices. The hackers had hijacked IoT devices using default passwords and turned them into botnets. If companies want to maintain control over their IoT devices, they need to create stronger access controls. This process starts with changing the easy-to-crack default passwords set by manufacturers and installers.
IoT applications pose another point of vulnerability. For years, cybercriminals have been exploiting mobile applications to infiltrate companies’ systems. Now IoT applications provide fertile ground for planting the seeds of malware.
Like mobile applications developers, IoT application developers sometimes skimp on security in the rush to get their work to market. Ponemon Institute’s 2017 Study on Mobile and Internet of Things Application Security found that 75% of respondents felt that pressure on the DevOps team results in security flaws in application code. 58% of respondents said they worry about IoT applications being hacked.
Stolen IoT Data
For IoT to work, streams of data must be transmitted from sensors to your data center. Connected devices may be located in a warehouse, at a production facility, or in the field. Information from these devices needs to travel across a network to reach the cloud or your on-premises data center. While in transit, this valuable data is vulnerable to being stolen or compromised.
End-to-end encryption ensures that the data you need to maintain your equipment and make smart business decisions stays secure. Data from IoT sensors can be encrypted so that it can only be read by authorized senders and receivers. Complex algorithms render sensitive information incomprehensible while in transit.
Prevent an IoT Security Disaster
As IoT becomes a bigger part of business operations and municipal infrastructure, the possible consequences of cyberattacks on the technology become increasingly dire. An attack on your company’s connected devices means losing control over the equipment you need to stay in production. An attack on an oil refinery or power plant might hold an entire community hostage.
InfoSystems can help your company develop a roadmap to security, allowing you to take advantage of technology trends while avoiding the risks. We give your business access to security tools from leaders in IT security so you can innovate while meeting the highest standards of protection and compliance.
Is your business doing all it can to secure its technology assets? Find out from an InfoSystems security expert.
You can also get our white paper, How to Safely Store and Secure Data.