IoT, as with every new technology, holds true the dichotomy between enthusiastic adoption and reasonable caution. There are inherent weaknesses in any system, and new tech such as IoT poses a higher cybersecurity risk while its vulnerabilities are still in discovery.
New technology opens up the possibility for malicious hackers to find loopholes and exploit them, specifically targeting all early adopters. The most recent wave of innovation with growing popularity throughout both B2B and B2C markets is the Internet of Things (IoT). IoT is a manufacturing philosophy base on the idea that because every common household or office device can be given Wi-Fi capabilities, they should be. However, network and security admins know that this is an incredibly insecure policy.
Internet of Unsecured Things
A recent survey revealed that 94% of IT security professionals believe that IoT will soon bring unprecedented waves of malware attacks, and with incredibly good reason. Inherent to the very nature of the IoT is custom hardware consisting of several embedded processors, ASICs, and other miniaturized computer components. Unfortunately, in the drive for profit, many of these devices are not designed with complex security software or even to be upgraded. Often the devices are not capable of receiving software or firmware updates to patch security vulnerabilities that are found post-manufacturing and shipment. This leaves every IoT item, from your smart fridge to your wireless security cameras, at risk without available security solutions.
Recent IoT Attacks
Unsurprisingly, the surveyed security pros were on the right track and IoT attacks have already begun. In September 2016, a malicious botnet using Mirai swept across the world targeting insufficiently secured IoT devices, brute forcing its way in, and gaining control of the device. During this particular wave of attacks, the owners of the devices were not the targets, but rather the attackers targeted the device’s ability to access the web. This tactic was used en masse to deploy a DDoS attack, flooding the bandwidth of many well-known websites. The attacks haven’t stopped there, and as could be expected, they’re getting worse. In March, there was another major attack with something similar to the Mirai Botnet targeting Linux/BusyBox devices. This wave was much closer to the dreaded Ransomware trend, specifically seeking to corrupt the storage, disrupt connectivity and performance, then wipe all files.
Security and Monitoring
One of the core problems with integrating IoT devices into a business is that they cannot be properly secured. With a myriad of operating systems and proprietary software, there is not yet a practical way to secure and then monitor every one of them as an access point to the company network. Until a clear security solution is found, IoT becomes a nightmare for any network security professional whose normal job is to know every access point and keep it either firmly shut or carefully monitored. Currently, the most common solution is to keep your IoT devices on the other side of a firewall but even this still leaves them open to be individually corrupted and usurped into the ranks of a malicious botnet. The IoT dream of wireless everything isn’t actually impossible. With collaboration between third-party manufacturers and modern business security software, improved security measures and unified monitoring dashboards can be created to make IoT devices more practical in the business environment. Unfortunately, we’re just not there yet. Currently, anyone who incorporates IoT technology, especially into their data management or security systems, is putting themselves at serious risk. IoT is the new darling of botnet hackers for the same reason that the IoT owners bought the devices: because it is new, interesting, and remarkably convenient to get access to from anywhere.
Michael Durante spent his teenage years into his early 20s climbing the ladder in a branch of a successful banking firm, starting as a teller and ending as a Sr. Branch Manager within 6 years. In 2003, he left the banking world to join his father and create TIE National, a telecom company 60 years in the making. Together, they grew the company from a two-man operation solely working on telephones to a multi-million dollar international business with employees in over a dozen states, covering everything from phone systems to cloud products and computer systems. You can find Michael on LinkedIn.