The Internet of Things still is a security nightmare. Both in consumer applications and industrial applications, there are many questions that need to be solved.
When Accenture looked at the slowing down of the consumer electronics market at the occasion of the Consumer Electronics Show 2016, the company observed that in order to bridge the gap between the current decreasing growth of the consumer electronics market and the next stage of increasing growth, which is expected to be driven by consumer applications in the IoT space and wearables, vendors need to address these security challenges.
The Internet of Things Security Dilemma
As mentioned, the many Internet of Things security challenges are not just in the consumer electronics space. In business applications, the security challenges of a hyper-connected Internet of Things reality are at least as high, not to mention the impact on IT infrastructure and data capabilities.
In the Internet of Things, sensors and devices communicate with each other; and through gateways, connected to an Internet of Things platform, the various applications of the company are fed and triggered. Obviously such a platform needs to be highly secure as do the communications between sensors, gateways and the platform.
In a SlideShare presentation The Motley Fool summarizes some aspects of the Internet of Things Security Dilemma.
They mainly touch upon the impact on networks and information, the protection and funneling of data, the lack of standardization across networks and application programming interfaces (APIs) that inevitably come when devices and software interact and are interconnected and, last but not least, the disconnect between de facto expected security breaches in IoT and the efforts that businesses are doing to tackle with these security challenges.
More in the IoT Security Dilemma presentation below.
Cybercrime meets Internet of Things security
Connected devices and the internet of Things are increasingly used for large scale attacks.
Several DDoS attacks have been reported throughout 2016, including the up to 620 Gbps DDoS attack which made the website of well-known security journalist Bryan Krebs go down end September 2016. The attack received a lot of attention, also because it was related with other issues such as free speech (Krebs was attacked by hackers after exposing a network of hackers for hire, the attack was so intensive that Akamai had to stop protecting Kreb’s website against DDoS attacks and Google put the site in its Project Shield).
Fears are high that soon such attacks and even more intensive ones will become the norm. And it’s not just about DDoS attacks. Ransomware is also moving to the Internet of Things and security experts warn for cascade effects of exploited vulnerabilities in the connected reality which the IoT is. On top of the security challenges, compliance and data privacy also need to be tackled.
Among the many reasons why the IoT can be exploited so easily in several cases are:
- Vulnerabilities in the devices.
- Difficult or non-existing procedures to patch IoT devices.
- A lack of awareness in and support from the boardroom.
- Too much focus on saving costs in IoT projects and not investing in essential security controls.
- Not enough attention for security overall and for the ‘perimeter of everything’ which is simply needed in the Internet of Everything.
Internet of Things security priorities and evolutions
Before embarking on an IoT project journey, it’s important to realize that security is not an afterhought and is an end-to-end part of any digital strategy.
Many IoT enterprise security professionals still are not monitoring IoT devices in real time, a situation that is expected to change throughout 2017 and 2018 as security gets more attention and IoT platforms with IoT device monitoring are leveraged rapidly.
Other evolutions and facts you can expect on an IoT security level include:
- Continued breaches as the industry players step up the security pace to become trusted partners.
- More sophisticated threats and a more sophisticated usage of devices that are out there already and need an urgent solution.
- A potential delay in the Consumer Internet of Things picking up.
- Changes in the ecosystems used to deploy IoT projects.
- An increasing choice for the most secure connectivity options, depending on the use case.
- Different ways of handling data and on securing the endpoints where data is generated.
- Organizations will invest more in IoT device, discovery, onboarding and monitoring to gain visibility and be able to do real-time monitoring.
Top image: Shutterstock – Copyright: BeeBright – All other images are the property of their respective mentioned owners.