The spaces around us – our homes and offices – are becoming smarter and smarter. Internet of Things (IoT) devices have greatly simplified our daily lives, and their use will continue to grow. Gartner says that the enterprise and automotive IoT market will grow to 5.8 billion endpoints in 2020, a 21% increase from 2019. But what are the risks associated with the adoption of connected devices? In today’s article, we’ll examine the vulnerabilities in embracing IoT technology, whether they differ in 2020 from those in previous years and how a more secure IoT environment can be built to build customer trust in it.
Reference to the Internet of Things
Internet of Things (IoT) is a network of physical objects ranging from household appliances to enterprise and automotive endpoints embedded with sensors and software in order to connect and exchange data with other devices via the Internet.
IoT security-related pitfalls
In 2019, the survey of customers in Australia, Canada, France, Japan, UK and the US found out that 63 % of the respondents are concerned about the way connected devices collect data about people and their behaviour and name them “creepy”. In other words, security and privacy are top hacks associated with IoT devices. This will remain until 2025 as a consequence of a lack of skilled staff, changing threats, complex vendor landscape and immature standards, Gartner says. What is so concerning is that security-related vulnerabilities affect IoT endpoints across a number of industries. Let’s have a look at some examples.
Recently, IoT hacks have been found in third-party software used for medical devices at hospitals. It has been revealed that the vendor no longer provides support to it but some manufacturers still incorporate the software into various IoT devices for medical use. For example, this has been used for real-time applications in the emergency rooms and critical care units to ensure the accuracy of the medical devices to allow their response to events in real time. Security-related vulnerabilities have been also reported in insulin pumps. Thus, hackers were able to change parameters by sending radio frequency signals and put patients at risk. Besides, cybersecurity threats also affect medical images that can be used to spread malicious code.
Hackers can hijack cars through third-party car alarms. According to the research, hacking smart cars includes different actions, like modifying car parameters, stopping a car while in motion, communicating directly with a car’s host computer, eavesdropping on drivers via the SOS function, etc.
Some researchers report radio frequency (RF) controllers in industrial machines like cranes to be a weak side that can be used for different class attacks. The researchers were able to switch on the equipment even if the operator issued emergency stop. This was possible due to the fact that these RF controller use out of date proprietary RF protocols focused on safety rather than security.
A new security gap associated with Echobot botnet has been revealed with over 50 exploits that lead to remote code execution and command injection in IoT devices. This malware can affect a wide range of connected devices, inter alia, network attached storage (NAS) devices, routers, security cameras, smart home hubs.
As you know, cybersecurity has always been a pretty dynamic sphere but now hacking activities are jumping beyond boundaries when it comes to IoT devices. What we see as an emerging trend here is that IoT security flaws affect not only personal or sensitive data but also human life and safety.
How to deliver more IoT assurance to customers?
Why is IoT devices security so complicated? Many IoT devices were not initially designed with the level of security that is the case for other IT systems. In other words, software used in IoT endpoints was not intended to be digitally connected elsewhere.
Here are some defensive strategies to mitigate IoT security risks.
Seek legal council
Whether in healthcare, or in automotive industry, or elsewhere, IoT devices generate an unparalleled amount of data. Existing and upcoming laws like the European General Data Protection Regulation are intended to regulate data processing because data collected by IoT devices are sensitive and of personal nature. Businesses should ensure their partners and other stakeholders to comply with relevant data security and retention guidelines when it comes to IoT devices supply and maintenance. This regulatory compliance will entail large expenditures: $1 billion is predicted to be spent for security management globally.
Ensure continuous risks management
The average time to detect a breach in the Americas is 99 days and the average cost is $4 million. That’s why companies and organizations should take advantage of data analytics to ensure CARTA – continuous adaptive risk and trust assessment. Continuous assessment of risks of your major digital partners is very important if you want to benefit from their technologies, stay competitive or simply ensure smooth internal business procedures. Data analytics will ensure faster breach detection and response time without a need to hire additional staff as well as raise your awareness of the events with the most security and highest risks.
Ensure safe routers and networks
Since compromised IoT devices may spread malware to all connected endpoints, routers and networks should be secure. It involves monitoring and control over all IoT devices and their settings, passwords, patches and credentials, network segmentation with isolation of devices that cannot be taken offline immediately, secure network architecture like VLAN and unneeded services disabled. What is worth more details here is network segmentation. Cybercriminals often use connected devices an entry point for their further malicious actions. So, keeping segmented ensures a limited access to the rest of your system.
Secure IoT devices while adopting them
The adoption of IoT devices demand a more secure environment. Both individuals and organisations can take some basic steps to secure their connected devises:
- make risks assessment to ensure the visibility of all IoT devices within your network and what risks they introduce into it
- use unique passwords instead of default ones and adjust security settings to your specific needs
- keep track of the updates of third-party apps installed on your IoT devices to protect them against security vulnerabilities
- make sure you do not use functionality you don’t need
Use of blockchain as IoT security tool
Garther says that there is an increase in blockchain adoption combined with IoT adoption in the USA. This trend has been seen following an online survey of more than 500 U.S. based IoT decision makers in 2019. Three quarter of the companies surveyed reported the adoption of both IoT and blockchain technologies along with combining of blockchain with their IoT networks or intended to do so by the end of 2020. Two-thirds of the survey respondents who had combined IoT and blockchain indicated enhanced security either the main or secondary factor for implementation. Business efficiency and reduced costs were also mentioned as a ground for this.
When it comes to industries with the highest rates of blockchain adoption among IoT implementers, pharmaceuticals, energy and transportation are among them. While finance sector has the lowest rates. Gartner analysts explain it with the fact that financial services providers deal with virtual goods rather than physical ones and virtual services have little to do with IoT networks.
What makes blockchain IoT security so attractive is that blockchain has robust protection against data tampering and allows compromised connected devices to be shut down in an IoT network.
However, there are certain vulnerabilities associated with blockchain to be solved like lack of power of many IoT devices and blockchain mining. Despite this, Gartner analysts predict the trend of blockchain IoT security to mature in 2020 since it enables new business models and solutions.
With IoT devices bringing unparalleled opportunities, the use of them requires professional cybersecurity expertise. Businesses and individuals are able to implement some basic steps towards IoT security but they cannot overlook all security pitfalls. In this context, generating competitive advantages for IoT domain is not only about cybersecurity providers but also requires appropriate actions by manufacturers of IoT devices. What it involves is software focused on a secure code with an opportunity to install relevant updates. An important thing here is also an opportunity for a user to report vulnerabilities to be processed in a timely manner. This could help IoT devices manufacturers build trust among consumers.
Thank you for reading.