Insecure IoT Can Affect All of Us
For years, futurists and, of course, the technology industry, have been writing about how the internet of things (IoT) is going to dramatically change how we work and how we live. Smart connected devices, they said, are going to transform the way our physical and digital worlds interact. And while we’re certainly seeing much more of that in our homes, around town, and at the office (well, not so much the office these days), we don’t seem to know how many of these devices are really swirling around us every day. This is a problem.
A world of connected things
Quite simply, these “things” are physical objects (or systems of objects) that are enabled by two-way communications over the internet. In our homes, we’ve seen a proliferation of smart speakers, door locks, appliances, lighting systems, picture frames, smoke detectors, thermostats, and more. A jet engine could also be a “thing”, as could the airplane it powers. Connected cars, industrial robots, locomotives, oil refineries, smart factories, and large power transformers are all examples that exist today. On our persons, we wear smartwatches, fitness trackers, medical sensors, and, of course, our mobile phones, which have an app for monitoring just about every aspect of our lives.
In its Annual Internet Report, Cisco claims that there will be 29.3 billion total networked devices by 2023 (up from 18.4 billion in 2018), half of which will be machine-to-machine IoT connections.[1] IHS Markit is even more optimistic and puts the number at 73 billion IoT devices by 2025.[2] It’s safe to say that if you’re a homeowner or manage part of a business, you’re going to be surrounded by smart devices designed to automate and simplify your life. That’s good, right? Well, not so fast.
Simplifying or threatening our lives?
Simplifying the interaction of our physical and digital worlds, on the face of it, is a good thing. For too long we’ve put up with computerized systems and software that have been anything but user-friendly. Lately, however, we’re seeing the real promise of IoT as product designers make them easier to use and integrate into our daily routines. That’s why we’ve seen the surge in smart home systems like thermostats, doorbells, and HVAC systems.
But the explosion of these smart “things” has brought with it a security challenge that hasn’t been fully addressed by either the end users or vendors. Unlike the traditional IT devices like our phones, laptops, and corporate computing systems that we’ve been securing for decades, security for these new IoT and OT (operational technology) devices and systems is still largely an afterthought. It’s getting better, but it’s still a big problem that’s about to get worse with 5G cellular solutions right around the corner.
The danger is that while the cyber attacks on traditional IT systems are certainly troublesome and costly, the damage is generally confined to the organization compromised, its customers, and its business partners. With IoT and OT devices, on the other hand, attacks targeting the critical infrastructure and operational technologies necessary to provide the services we depend on every day can be more far-reaching and disastrous. These are systems that provide our electricity, transportation, water supply, and other public works. They enable our healthcare system, manufacturing, communications, and the variety of solutions that serve the essential functions and needs we take for granted.
Think about how an extended disruption of the power grid would affect your life. What would you do without dependable electricity, water supply, or first responders? It’s a scary thought, yet organizations in government and the private sector largely have no idea how vulnerable these systems are and how extensive the attack surface really is.
The attack surface is growing exponentially
This tsunami of connected devices powering everything from critical infrastructure to factories to even our homes is vulnerable to cyber mischief that will affect us all. Despite the many benefits IoT and OT provide, billions of intelligent endpoints are proving to be a cybersecurity nightmare with every device becoming an attack point. IoT devices, especially consumer-grade ones, have a history of being poorly designed with weaknesses and vulnerabilities that can be and have been exploited by amateur hackers armed with basic computer skills and instructions easily found on the internet.
Even the most skilled IT security team today can’t tell you how many dozens of connected devices are swirling around them at any moment. For those who could, the first half of 2019 saw more IoT attacks than in all of 2018, a 300% increase, and logic tells us that this is probably a very conservative figure.[1]
To manage IoT devices, you have to see the IoT devices
You can’t manage what you can’t see, so that’s the first step for any organization responsible for making sure their IT and OT technologies are online and protected. This is well understood for traditional IT environments, where endpoints and devices are actively managed and secured through a layered security approach. However, as IoT and wireless devices continue to flourish, organizations now need to think more about securing these systems with the same focus and intensity. Otherwise, the traditional systems they’ve spent so much time and effort to secure will be ripe for the picking as billions of new and invisible devices lay out the welcome mat for clever hackers looking for insecure back doors.