Much hype has been going around the term ‘Internet of Things (IoT)’. Some may have just heard about it, some may have read about it, and some may be completely aloof about the term altogether. To put it differently, IoT has not yet rung a bell for enterprise owners and consumers. It carries the risk of being ignored or dismissed as just another trendy Internet jargon that comes and goes like any other fancy Internet thingy does. And if this conception remains unchanged, then it is only a matter of time before business owners would have to bite the bullet and find themselves in a half-prepared situation to tackle the potential threats or liabilities that IoT will carry with it. This write-up attempts to throw some light on some of the potential security predictions for the Internet of Things.
So, what is Internet of Things (IoT) anyway?
If your refrigerator, lamp, oven, television, car, or any other physical object is connected to the Internet and is able to exchange data with other connected objects, then you are basically making use of a network called the Internet of Things. The ‘things’ in this term refers to everyday physical objects ranging from home appliances to entire factories, that are assigned a unique IP address and are interconnected to other such objects without any human interaction.
According to a Gartner report, about 25 billion devices/objects will be connected to the Internet by the year 2020. And this only boils down to one simple fact – business owners need to embrace or rather prepare themselves for the gargantuan flood of data that will be flowing across all these devices. And one of the crucial steps of this preparation is to gauge at the possible and potential security predictions of IoT; briefly described as follows:
1. Distributed Denial of Service (DDoS) Attacks will be a lot harder to manage with IoT
A malicious attempt to disrupt the operations of a server or a network to make it unavailable to its intended users is known as a denial of service attack (DoS). This type of attack employs one infected device (known as a ‘bot’) and one Internet connection. In a DDoS attack, multiple devices (together known as a ‘botnet’) and an Internet connection are used. It may be worthwhile to predict that the very technology of IoT could be exploited to intensify DDoS attacks, simply because of the ocean of devices interconnected in a network. More number of these devices means a larger botnet to control for attackers, which logically increases the risks of bigger and more intense DDoS attacks.
2. IoT devices with security vulnerabilities will be on the hit list of attackers
In the present scenario, about 70% of Internet of Things devices, such as smart TVs, smart homes, webcams, and thermostats to name a few, are vulnerable to hackers due to their high percentage of security vulnerabilities. Reportedly, most of these devices use unencrypted network services; which is bad news for the safety of sensitive information such as name, email ID, credit/debit card number, etc. Again, the web interface of most of these devices was found to have multiple security holes such as cross-site scripting, and weak credentials. Another disturbing fact with these devices is that, they use mediocre authorization that fails to vet passwords for their strength (characters used) and length. So, if a handful of devices are riddled with unmanaged or overlooked security vulnerabilities, then we can have a rough guess about the magnitude of the risk that 25 billion devices will have when IoT kicks in with full force. Managing such vulnerabilities will also be a challenge for IT admins given the fact that they would have to devise a system that can figure out how soon a vulnerability can be patched and how to prioritize the patch process.
3. Identifying the right defense for the right device will be challenging
It can be safely assumed that every ‘everyday’ object is a potential candidate for the IoT network. And as the technology grows, so will the challenge of identifying the right security measure for these devices. If we talk of the health care industry, medical devices play an extremely crucial role. And when these devices are looped into an IoT network, the stakes will be higher. This is simply because, even a minute disruption in the working of these devices, due to a security vulnerability or a cyberattack, can have an unpleasant consequence on a patient’s livelihood. So, arresting such potential issues by implementing a well-thought out security strategy could be a challenge for enterprises. It is important to understand that, to tackle such problems, an effective risk assessment methodology would become imperative, which is in itself, another challenge to take care of.
4. Small and medium enterprises will have a hard time adapting to IoT
A majority of small and medium businesses still lack the security infrastructure to safeguard their operations and data from attackers. And as IoT brings along with it a promising and lucrative prospect of profit and productivity, it is only logical to guess that businesses of all sizes would willingly embrace this technology. But, will they be able to strong-arm cyberattacks then, when they are not even prepared for the present day’s threats? While large enterprises may eventually deploy the necessary defense against IoT threats, small businesses will see this as a herculean task. And if they choose not to exploit the IoT trend, then they will have to make peace with mediocre growth and profitability.
To sum up this discussion, it should be kept in mind that where the most popular technology goes, cybercriminals follow. And Internet of Things, could be, by far the most popular invention since the Internet.