The Internet of Things (IoT) is here to stay. It could well be on your wrist, in your pocket, in your car, in your house or even in the sporting equipment you use. From smart watches and self-driving cars to smart toothbrushes and connected tennis rackets, we are living in a world where no device is an island.
It’s easy to forget, but equally important to remember that the nature of the internet’s design – easy accessibility and instant connectivity first, security second – has exposed businesses and consumers to a multitude of potential cyber security vulnerabilities.
By 2020, according to IDC, there will be more than 30 billion connected devices – more than triple the current number, which already dwarfs digitally linked people. IoT will mean connected cars with an array of alerts about hazards on the road, and roadways providing data about traffic jams.
>See also: The Security of Things: IoT and cybercrime
Hospitals will be highly systematised, coordinating insights from healthcare providers across the country, and even from different continents, in the course of surgery.
Intelligent buildings will create new layers of security, and their heating and air conditioning systems will adjust automatically to the latest weather conditions and forecasts. This is the internet universalised, embedded more deeply into every aspect of our lives, using volumes of data to automate what humans don’t always get right.
But it won’t be possible to take human nature completely out of the mix. Recent X-Force research on security issues has discovered that the IoT can drag in its wake a host of unknown security threats as hackers, fraudsters, data thieves and even savvy terrorist groups could be tempted to follow the scent of the immense volumes of data flowing through the IoT.
In 2014 alone, 1 billion records of personally identifiable information (PII) were leaked, an increase of 20% from the previous year, when 800 million records were leaked. In addition, more than 9,200 new security vulnerabilities affecting over 2,600 unique vendors were discovered in 2014 – the highest single year total in the 18-year history of X-Force reporting and a growth trend that may likely continue as the IoT expands.
The highly skilled and organised cybercriminals of today have the potential to tamper with a car’s firmware to kill its brakes. Or to unlock a digital backdoor to a building’s security, shutting down lighting and HVAC systems, an entire manufacturing plant, or even a whole industry.
If left unchecked, they have the power to control and shut down an entire city’s power grid. Or even disrupt an implanted medical device that someone’s life depends on – you’ve seen Homeland right?
The challenge of preventing these attacks lies in the sheer scope of the IoT as it rapidly evolves. Many of today’s manufacturers of ‘things’ are new and small, with limited resources to invest in IoT security and protection.
>See also: IoT will become the Army of Things in fight against cybercrime
In the absence of a shared worldwide vision to confront the IoT privacy and security challenge, every organisation should found its IoT device and technology programme on the five building blocks: secure operating systems, unique identifiers for each device, data privacy protection, strong application security, strong authentication and access control.
IoT devices will add convenience, save money and even save lives – in fact, they are already doing all of these. But, if the rise of cybercrime in the last year is any indicator of the future, security should be treated as the indispensable keystone of the IoT, not simply a retrofitted, secondary pillar.
Sourced from Martin Borrett, IBM Security Europe
