Consumers and businesses everywhere are getting used to the notion that critical data gathering, processing, and analysis are now being fulfilled at the far edge of technology infrastructure. The Internet of Things (IoT) is the key driver of this trend, with 64 billion IoT devices estimated around the world by 2026. According to Business Insider, spending on IoT devices, solutions, and support systems is expected to reach nearly $15 trillion.
IoT activities span everything from smart homes and smart cities to fitness monitoring and inventory control. As soon as the end this year, there will be an estimated two to six connected IoT devices for every living person on earth, far eclipsing the combined number of smartphones, tablets, and computers.
Let us begin learning about IoT cybersecurity beginning with the risks.
Growing IoT Cybersecurity Risks
Of course, the rapid growth of the IoT market also brings significant cybersecurity risk. Attacks on IoT devices tripled in the first half of 2019. The Symantec 2019 Internet Security Threat Report shows that cyberattacks on IoT environments are rapidly evolving in sophistication. This includes bots or worms that can compromise smart devices such as Linux-based internet routers, for example, and leverage them to commit additional crimes such as the denial of service attacks or illicit mass marketing. Attacks on industrial control systems are also increasing, as are attacks on military and business infrastructure.
A key challenge in building security protocols for IoT is that there is a lack of standards available, thanks to the complexity of the IoT ecosystem and a huge number of devices from a wide range of vendors worldwide. The Department of Homeland Security’s Science and Technology (S&T) Directive has recently created a set of best practices that enterprises can follow to secure their IoT systems. The directive breaks down security into three distinct segments:
- Detection: Understanding exactly which IoT devices and components are connected to a given network or system.
- Authentication: Verifying the identity and origin of IoT devices to detect and prevent spoofing.
- Updating: Continually maintaining, updating, and upgrading IoT security capabilities to stay ahead of hackers and cybercriminals.
With those basic guidelines in mind, companies are learning to tackle IoT security breaches with tangible new strategies, according to a recent list of solutions. Among the most effective strategies:
- Maintain accurate data on each IoT device to gauge the level of potential risk
- Proactively identify cyber threats to anticipate and prevent breaches
- Restrict access to sensitive data
- Continually monitor who is accessing each device
- Frequently backing up all the data the IoT device gathers
These core steps provide a roadmap that cybersecurity professionals can follow to create a comprehensive IoT security framework.
Learn to manage information security with more clarity with the Ethical Hacking Certification Training. Enroll today!
Common Vertical Markets Using IoT
To illustrate how expansive the IoT universe now is, Deloitte recently outlined several key industries and market segments that are excelling at IoT utilization. The growing number of use cases is an indicator of not only how broad the impact of IoT is on society, but also how many entry points exist that hackers and cybercriminals can exploit. The list includes:
- Healthcare and life sciences - Patient care, remote diagnostics, bio wearables, food sensors, and equipment monitoring
- Smart homes - Wearables, smart thermostat, smoke alarm, refrigerator (and other appliances), and home security
- Cities and infrastructure - HVAC, smart cities and buildings, waste management, and electric vehicles
- Transportation and urban mobility - Traffic routing, telematics, smart parking, and public transport
- Industrial systems and sensors - Measuring speed, temperature, flow, pressure, light, and position of various systems
Let us next look at some of the examples of breaches of IoT Cybersecurity.
Examples of IoT Cybersecurity Breaches
There is no shortage of stories that demonstrate how common IoT security breaches are. Many seem almost too bizarre to be true, but they are! Take two examples featured in CISO Magazine. The first showed how hackers stole identity and bank details from individuals through remote access to a coffee machine. Smart coffee machines let owners control them remotely with their smartphones, even giving voice commands via Amazon Alexa that can be compromised. Coffee machines just aren’t designed for security and provide a convenient attack vector to access connected systems.
A second example comes in the form of connected network printers. According to research firm Quocirca, 60 percent of businesses in the UK, US, France, and Germany suffered a printer network data breach in 2019, costing companies an average of more than USD 400,000. Hackers use printers, which are usually not very well secured, as an ingress point to the network and can even be recruited as part of botnets that are used to perpetrate DDOS attacks within the organization.
Training to Protect IoT
Strong cyber protection of IoT networks starts with trained cybersecurity experts who are proficient in protecting infrastructure, securing data and information, running risk analysis and mitigation, architecting cloud-based security, and achieving compliance. The Cyber Security Expert Master’s Program or additional certification in IoT systems can give cybersecurity professionals an extra edge as they attempt to protect the entire infrastructure from central systems all the way out to the IoT edge.