The Internet of Things (IoT) can be used to interconnect various physical devices as well as virtual objects that can be accessed through the internet.IoT is rapidly growing and changing our lives. There has been a massive surge in the use of IoT devices, mainly in the homes and manufacturing sectors. IoT has invaded every aspect of our lives and everything from your water sprinkler to your security system is connected to the Internet. With the overwhelming amount of new technologies popping up every day, IoT security often tends to be overlooked which makes the users of these devices vulnerable to security threats.
Understanding the threat
IoT creates a network of the physical objects, whose data is stored on the cloud and the devices connect to the surrounding objects and the extensive data around them. Since the data is being passed back and forth on thousands of devices, hackers are just one vulnerability away from exploiting all your personal data stored on the network. Now you may think that your home automation and other IoT devices being compromised is not a major risk as there is negligible personal information stored on any of these devices. But consider this, IoT items usually consist of a camera or microphone and they may be compromised. This will enable hackers to monitor all your movements thus leading to a breach of privacy. Cisco analysts predict that more than 50 billion devices will be connected to the internet by 2020. This quantity is far more than the number of people on the planet and it only emphasizes on the scale of this vulnerability and the urgency needed to tackle the issue.
Research has shown that nearly 70 per cent of IoT devices are riddled with serious vulnerabilities. Protecting organizations and individuals against the increasing risks aren’t going to be easy, we can’t afford to have so many exposed weaknesses waiting to be exploited. Firstly, one needs to be aware of the threats they are facing. OWASP has provided us with the Internet of Things Project where they highlight the top 10 susceptible areas. The project explains the vulnerabilities as well as discusses prevention.
The list is as follows:
- Insecure Web interface
- Insufficient authentication or authorization
- Insecure network services
- Lack of transport encryption
- Privacy concerns
- Insecure cloud interface
- Insecure mobile interface
- Insufficient security configuration
- Poor physical security
Many good security practices have been theoretically considered. These include the use of secure protocols, using a VPN, using identity management and by providing timely latest updates and patches for the gadgets.
- At a workplace, a savvy user may manipulate the ID access process to get into a restricted area which they don’t have access to.
- Other than data breaches of solo users and large organizations, IoT security also includes public infrastructure such as traffic lights and power plants which may be manipulated by malicious users and disrupt day to day lives of the mass population.
- All the data generated by IoT devices is collected and stored to use for machine learning algorithms that use the data to create better business solutions and improve quality of life. The volume of this data produced is immense.
- Users of IoT gadgets seem to not pay attention to these threats because they aren’t well aware of the technical aspects and serious nature of these vulnerabilities and attacks, or simply because they do not care enough and trust the device brand.
The next few years are crucial for the development of IoT, we need to ensure that manufacturers make use of a security regulatory framework and follow a set guideline of cybersecurity standards required for IoT security. The myth that IoT cybersecurity is a consumer problem needs to be broken and organisations need to understand that their applications are and data are vulnerable to various kinds of cyber attacks. The goal to be achieved is the prevention of all kinds of attacks and not just their detection, that is the worst possible outcome as detection usually implies that the damage has been done and likely has spread.
Even though most IoT security challenges are yet to be overcome, the industry has recognised these weaknesses in the devices. Fortunately, cybersecurity professionals are already adjusting to the new demands of this widespread network.