The spaces around us – our homes and offices – are becoming smarter and smarter. Internet of Things (IoT) devices have greatly simplified our daily lives, and their use will continue to grow. Gartner says that the enterprise and automotive IoT market will grow to 5.8 billion endpoints in 2020, a 21% increase from 2019. But what are the risks associated with the adoption of connected devices? In today’s article, we’ll examine the vulnerabilities in embracing IoT technology, whether they differ in 2020 from those in previous years and how a more secure IoT environment can build customer trust in it.
Reference to the Internet of Things
Internet of Things (IoT) is a network of physical objects ranging from household appliances to enterprise and automotive endpoints embedded with sensors and software to connect and exchange data with other devices via the Internet.
IoT security-related pitfalls
In 2019, a survey of customers in Australia, Canada, France, Japan, the UK, and the US found out that 63 % of the respondents were concerned about how connected devices collect data about people and their behavior and name them “creepy.” In other words, security and privacy are top hacks associated with IoT devices. This will remain until 2025 due to a lack of skilled staff, changing threats, complex vendor landscape, and immature standards, Gartner says. What is so concerning is that security-related vulnerabilities affect IoT endpoints across many industries. Let’s have a look at some examples.
Healthcare
Recently, IoT hacks have been found in third-party software used for medical devices at hospitals. It has been revealed that the vendor no longer provides support to it, but some manufacturers still incorporate the software into various IoT devices for medical use. For example, this has been used for real-time applications in the emergency rooms and critical care units to ensure the medical devices’ accuracy and allow real-time response to events. Security-related vulnerabilities have also been reported in insulin pumps. Thus, hackers were able to change parameters by sending radio frequency signals and putting patients at risk. Besides, cybersecurity threats also affect medical images that can be used to spread malicious code.
Automotive industry
Hackers can hijack cars through third-party car alarms. According to the research, hacking smart cars includes different actions, like modifying car parameters, stopping a vehicle while in motion, communicating directly with a car’s host computer, eavesdropping on drivers via the SOS function, etc.
Industrial machines
Some researchers report radio frequency (RF) controllers in industrial machines like cranes to be a weak side that can be used for different class attacks. The researchers were able to switch on the equipment even if the operator issued an emergency stop. This was possible because this RF controller uses out-of-date proprietary RF protocols focused on safety rather than security.
Other
A new security gap associated with the Echobot botnet has been revealed with over 50 exploits that lead to remote code execution and command injection in IoT devices. This malware can affect a wide range of connected devices, inter alia, network-attached storage (NAS) devices, routers, security cameras, smart home hubs.
As you know, cybersecurity has always been a dynamic sphere, but now hacking activities are jumping beyond boundaries regarding IoT devices. We see as an emerging trend here that IoT security flaws affect not only personal or sensitive data but also human life and safety.
How to deliver more IoT assurance to customers?
Why is IoT device security so complicated? Many IoT devices were not initially designed with the security level that is the case for other IT systems. In other words, software used in IoT endpoints was not intended to be digitally connected elsewhere.
Here are some defensive strategies to mitigate IoT security risks.
Seek legal counsel
Whether in healthcare, the automotive industry, or elsewhere, IoT devices generate unparalleled data. Existing and upcoming laws like the European General Data Protection Regulation are intended to regulate data processing because data collected by IoT devices are sensitive and of personal nature. Businesses should ensure their partners and other stakeholders comply with relevant data security and retention guidelines for IoT device supply and maintenance. This regulatory compliance will entail large expenditures: $1 billion is predicted to be spent for security management globally.
Ensure continuous risks management
The average time to detect a breach in the Americas is 99 days, and the average cost is $4 million. That’s why companies and organizations should take advantage of data analytics to ensure CARTA – continuous adaptive risk and trust assessment. Ongoing assessment of your major digital partners’ risks is critical if you want to benefit from their technologies, stay competitive, or simply ensure smooth internal business procedures. Data analytics will provide faster breach detection and response time without a need to hire additional staff and raise your awareness of the events with the most secure and highest risks.
Ensure safe routers and networks
Since compromised IoT devices may spread malware to all connected endpoints, routers and networks should be secure. It involves monitoring and controlling all IoT devices and their settings, passwords, patches, credentials, network segmentation with the isolation of devices that cannot be taken offline immediately, secure network architecture like VLAN, and unneeded services disabled. Network segmentation is worth more detail here. Cybercriminals often use connected devices as an entry point for their further malicious actions. So, keeping segmented ensures limited access to the rest of your system.
Secure IoT devices while adopting them
The adoption of IoT devices demands a more secure environment. Both individuals and organizations can take some basic steps to secure their connected devises:
- Make risks assessment to ensure the visibility of all IoT devices within your network and what risks they introduce to it
- Install a new firewall at least every five years that provides technologies such as sandboxing, deep packet inspection, and network monitoring.
- use unique passwords instead of default ones and adjust security settings to your specific needs
- make sure your IoT devices use valid third-party applications from reliable vendors and be aware of their privacy policy and permissions they require
- please keep track of the updates of third-party apps installed on your IoT devices to protect them against security vulnerabilities
- make sure you do not use functionality you don’t need
Use of blockchain as IoT security tool
Gartner says that there is an increase in blockchain adoption combined with IoT adoption in the USA. This trend has been seen following an online survey of more than 500 U.S.-based IoT decision-makers in 2019. Three-quarters of the companies surveyed reported the adoption of IoT and blockchain technologies and combined blockchain with their IoT networks or intended to do so by the end of 2020. Two-thirds of the survey respondents who combined IoT and blockchain indicated enhanced security as the primary or secondary factor for implementation. Business efficiency and reduced costs were also mentioned as a ground for this.
When it comes to industries with the highest blockchain adoption rates among IoT implementers, pharmaceuticals, energy, and transportation are among them. In contrast, the finance sector has the lowest rates. Gartner analysts explain it with the fact that financial services providers deal with virtual goods rather than physical ones, and virtual services have little to do with IoT networks.
What makes blockchain IoT security so attractive is that blockchain has robust protection against data tampering and allows compromised connected devices to be shut down in an IoT network.
However, specific vulnerabilities are associated with blockchain, like the lack of power of many IoT devices and blockchain mining. Despite this, Gartner analysts predict the trend of blockchain IoT security to mature in 2020 since it enables new business models and solutions.
Bottomline
With IoT devices bringing unparalleled opportunities, their use of them requires professional cybersecurity expertise. Businesses and individuals can implement some basic steps towards IoT security but cannot overlook security pitfalls. In this context, generating competitive advantages for the IoT domain is about cybersecurity providers and requires appropriate actions by manufacturers of IoT devices. It involves software focused on a secure code with an opportunity to install relevant updates. An important thing here is also an opportunity for a user to report vulnerabilities to be processed promptly. This could help IoT device manufacturers build trust among consumers.
