IoT devices have become the choice of many consumers in a short span of time. Due to the cutting edge technology, IoT has become has been able to connect numerous household items, different modern gadgets, automobiles etc. With Cisco predicting that there will be ‘50 billion connected/IoT devices by 2020, we can just imagine the expansion of IoT as a technology. A Finland-based cybersecurity agency cited a research from Gartner that states the number of IoT devices in a household will increase from 9 devices to 500 devices by 2022. Almost all devices even if not needed, will include IoT connectivity.
According to F-secure’s chief research officer Mikko Hypponen, devices that lack IoT connectivity will be more expensive as they do not contain consumer information that can be used by manufacturers. Consumer data offered to enterprises by IoT devices make this technology more attractive for manufacturers. However, such data transactions accompanies notable risks and issues related to IoT. Manufacturers have to overcome these problems in near future. Every year, World Economic Forum processes a report that lists down biggest global risks. The reports are reliable as they are generated by various decision makers and experts around the world. The community has provided IoT a prominent rank in the report. Furthermore, if IoT technology has imperfections or is vulnerable to attacks, businesses related to the technology are going to be affected.
Although IoT does contain security vulnerabilities, there are certain imperfections that need to be taken care of by the manufacturers.
IoT Imperfections You Need To Know
In this article, we have listed major IoT vulnerabilities that every manufacturer should be aware of. Read On!
1. Walled Off Internet
World Economic Forum says that the government officials will be forced to break Internet into national or regional walled gardens due to constant cross border cyber attacks. The decision will be the result of various reasons like regulatory divergence and economic protectionism. It will hamper the practice of IoT technology as the decision challenges the flow of data transactions. Further, the World Economic Forum report adds that the decision will create a hyper-globalized online world that is limited. Although a few may welcome the decision but majority will resist the movement as it degrades the growth of technological development.
2. Cloud Attacks
Cross-border cyber attacks will aim cloud providers who store data that is gathered by IoT devices. Although different organizations both government and private are aware of such cloud attacks, cybersecurity is still less-equipped to challenge such potential threats. According to an analysis, World Economic Forum reports that a single cloud hijack may result into a loss upto $120 billion. Big loss!
Loss due to Cybercrime is evaluated as $1 trillion whereas loss from natural disasters are worth $300 billion.
3. AI-Built Security Issues
If you think that the intensity of ransomware attacks have increased a lot compared to previous years, it’s just the beginning. Cyber attacks like ransomware have only emerged for cloud providers. With years to come, the situation will only worsen says Sunnyvale’s security strategist Derek Manky. He further adds that cloud providers are going to be attacked more brutally in the coming years as they are going to be the bull’s eye. Other commercial services are also going to be targeted by cyber criminals.
Very soon, government entities, healthcare organizations, critical infrastructures and various businesses will see malware attacks that are completely designed by Artificial Intelligence. Attacks will based on complex data analysis and automated vulnerability detection. Moreover, with the introduction of quantum computers, evolution of cyber attacks will reach new heights.
Although, Polymorphic malware isn’t new, it is using Artificial Intelligence to write complicated codes that can dodge even sophisticated detection methods through machine-learning techniques.
4. Botnet Problems
IoT devices have easy targets for hackers as these devices are comparatively dumber than other devices. Besides, IoT connected devices provide a wider attack area that attackers can easily benefit from.
DDoS (Distributed Denial-Of-Service) attacks target and use poorly protected connected devices. Thus hackers can target public infrastructure with heavily coordinated DDoS attacks.
IoT devices that are controlled by hackers can control several connected sensors such as sprinkler controllers or thermostats. It can result into limited availability of vital infrastructure resources, water hammer attacks and power surges at wider levels. However, such attacks can be stopped by introducing smarter software that can differentiate between erroneous and emergency sensor data. Therefore machines can decide upon how to react on different data signals.
5. Limited AI
It’s true that the current Artificial Intelligence offerings have big limits. Big data and machine based learning that are related to Artificial Intelligence can help efficiently to detect and use data in large quantities. Unfortunately, there is much scant human intervention to the process and therefore it does not generate desired outcomes. This results into lack of AI and hence less smarter software and devices that may stand a chance to repair current and future IoT vulnerabilities.
Big data, Artificial Intelligence and IoT are interlinked with each other. As large amount of data, which is gathered by IoT devices are being processed by AI powered software, more valuable data is generated. But with scant human intervention, the system will have lesser actual predictive effect. It will result into the creation of poorly-protected connected devices.
According to security experts, collaboration of Artificial Intelligence with IoT devices will connect and optimize devices and data. AI-based security will offer enhanced situational awareness and data security encryption.
6. Lack of Confidence
A cybersecurity agency in Amsterdam named Gemalto researched about the role of security in IoT’s development. During the research, it was found that 90% of the customers did not trust IoT devices in terms of security. Additionally, majority of the organizations and consumers want the government to involve in security related issues to set security parameters. Reports state that 90% of consumers and 96% of enterprises believe that IoT security regulations should be implemented. Another study shows that even though 54% of users own IoT devices (at least four) only 14% consider themselves well-rounded on connected device security. The study also says that 60% customers feel that their data can be leaked whereas 65% acknowledge that their connected devices can be controlled by hackers.
Jason Hart, CTO at Gemalto adds, “It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”
7. Understanding IoT
It’s 2018 and manufacturers are still struggling to create methods to introduce changes and make implications clearer for consumers to take benefit of IoT to the fullest. In reality, the development of IoT has outpaced the human ability to understand the technology.
Steps To Improve Security: –
#1: Be Accountable
Several firms that develop IoT devices aren’t technology firms. As a result, they forget to take security into account while designing devices. Some of them aren’t aware of the best industry practices to generate strongly-protected IoT products.
Manufacturers that want to deliver IoT products must understand that IoT devices are vulnerable. Moreover, connecting them to each other via Internet will increase the risk of getting attacked by hackers. If companies fail to understand this reality, they will fail in business. They will put both their customers and the Internet at risk.
#2: Automatically Update
Image source: eweek.com
IoT devices that cannot update automatically are easy targets for hackers. We can take lesson from the attack where Mirai botnet controlled numerous IoT devices. There was no way to update affected devices and fix vulnerabilities. Therefore users were forced to buy new devices that degraded company reputation and hampered business.
We can learn from examples of products like Microsoft Windows XP where the company delivered security fixes to customers to repair security loopholes. Further, Microsoft appointed customer support professionals and security engineers to support product users.
Manufacturers like Nest prices $10 per month to maintenance. It allows Nest to be be graded as one of the best IoT device makers in the market.
#3: Embrace Disclosure
Ethical hackers play an important role in mending security loopholes in a product. IoT device makers should be approachable for white hat hackers to communicate about vulnerabilities in devices. IoT manufacturers should contain a web form or should include an email address to report errors and bugs at their website. They should also set up bug bounty programs to find vulnerabilities in their software and devices.
IoT has just entered its adolescence where products are getting smarter and intuitive day by day. They are learning to convert data into customer insights and further monetize it. Makers can benefit from data visualization templates, and AI based algorithms to learn and create new use cases. Businesses should keep in mind that no device or technology is entirely immune to bugs. However due to wider reach, IoT products have become more vulnerable to attacks. Hence, it is company’s duty to increase measures to safeguard user data and make IoT devices less prone to cyber attacks.