Internet of Things (IoT) is taking the tech world by storm; it’s the great enabler of our digital future. With promises to make our lives easier the excitement regarding IoT technology is quite natural. Right now there are more than 23 million active Internet-connected devices around the globe, and with the statistical forecast for that number to double by 2023, it’s safe to say that we’re heading for the digital future.
While we’re making huge strides to harvest the benefits of IoT, we might need to take a step back and realize that we should treat such tech as our computers and mobile devices. Getting to grips with the idea that IoT devices are susceptible to malware and must be kept secure is vital.
There’s no denying, these are the days of big data and businesses realize that IoT tech can come in handy in gathering vast quantities of information efficiently. In fact, IoT devices are estimated to make data collection so effective that according to Cisco by the end of 2021 such tech will generate up to 1.7 zettabytes of data per month. The stakes are high, we must take appropriate precautions.
Massive data breaches over the past few years, including Facebook and Equifax, are getting significant coverage in the mainstream news cycles. It’s clear that the Internet has had a lasting impact on contemporary business practices. Over time, virtual security and data protection have become standard practice among enterprises. Nevertheless, the landscape’s about to evolve again due to the influx of IoT tech.
An independent study carried out by Ponemon Institute and Shared Assessments indicates that the majority of companies are extremely concerned about a security breach; however, at the same time, third-party risk management remains an afterthought. That same paper notes that cyber attacks related to IoT devices have increased from 15% to 21%. The study goes further to showcase what may lie at the root of the problem: many boards of directors fail to understand the cybersecurity risks associated with Internet-connected technology.
Realizing that IoT devices increase the number of access points to the network and that those access points can be possible intrusion vectors for the hackers, might be the first step towards proper third-party risk management.
As noted by the Department of Justice’s statement, in 2016, Dyn, a company which monitors and routes Internet traffic, has been a victim of a DDoS attack perpetrated by the “Mirai” malware that was designed to use a botnet of IoT devices (without the user’s consent) to instigate massive Internet traffic on specific web pages. In turn, websites relying on Dyn’s operations were rendered inaccessible.
That’s just a single case out of many regarding IoT security vulnerabilities. The issue is very real with potentially disastrous outcomes on the average internet user. Unless appropriate measures are taken, malware can spread via a network of IoT devices without requiring any user interaction at the point of execution, i.e., a user doesn’t need to launch a file or open a link for the malicious program to act. There are ways to partially tackle these threats, such as installing a VPN on your home network, but there only and the handful of people who are aware of the possibility of such threat and even a smaller number who know how to avoid them.
At the moment, the only good news is that quite a few organizations realize the importance of securing their IoT devices. How much of that’ll be beneficial remains questionable? With reports stating that organizations can’t even inventory their IoT devices, the forecast for future security breaches is bleak at best. Consequently, inadequate approach towards the virtual security of IoT technology puts personal users’ information at risk of exposure to devious third-parties and we’ve been down this road before.
Taking conventional precautions in regards to IoT technology might be beneficial. However, getting ahead in the race of what’s known as virtual security is what large companies must to do so we’d no longer have to read those long public apologies regarding yet another data breach.