The Internet of Things: The security crisis of 2018?

Manufacturers must pause in their race to join the IoT gold rush and think about security standardisation The Internet of Things: The security crisis of 2018? image

The infinite possibilities and potential applications surrounding the Internet of Things (IoT) have been well-hyped over the past few years, but the technology is at a tipping point in terms of adoption as we head into 2018.

IoT, the ability of everyday devices to connect and transfer data to each other, is already carving out a place in the consumer market, with devices like smart home locks, thermostats, lighting and energy monitors.

The latest research also claims that 29% of organisations have already implemented IoT solutions, and this is expected to surge to 48% in 2018, as businesses are increasingly sold on the cost-savings and the productivity-enhancing benefits of IoT.

>See also: The future of the ‘Internet of Things’ security issues

But with the IoT bandwagon rushing full steam ahead, few vendors or customers are pausing to consider the enormous security risks associated with the devices. The influx of additional entry points into an organisation’s network, plus a current lack of security standards for IoT devices, means there is a gaping hole in the perimeter of any home or business that has installed IoT devices.

Consider the operating systems for such appliances. How do you upgrade the OS in a wall-mounted air conditioning unit that’s connected wirelessly? Or a smart light bulb? If you can’t upgrade an operating system, how can you attempt to patch any vulnerabilities?

Then, when you are hacked (and it is when, not if), where does that leave you? You now have a ‘dirty’ corner of your network and all it takes is for another hacker to connect to that ‘dirty’ corner to repeat the process. It’s a case of vulnerability after vulnerability. By 2020, it is estimated that 25% of cyber attacks will target IoT devices.

Worryingly however, a recent survey by price comparison website MoneySupermarket indicates UK consumers are aware of the perils associated with IoT devices – but the apparent convenience, security and cost-saving benefits appear to outweigh the risks.

The research shows more than three-quarters of UK consumers are fearful of connected home technology, citing concerns about hacking and unapproved data collection. But the same survey forecasts that there will still be 25-30 billion devices worldwide by the early 2020s.

>See also: Ransomware of IoT: the new security nightmare

Another study revealed that 54% of IoT device owners do not use a third-party security tool to protect their devices from outside threats – and more than a third (35%) don’t change the default password on their devices, leaving them vulnerable to attacks. An astonishing and worrying failure.

Even 2016’s high-profile Mirai attack doesn’t seem to have caused either manufacturers or consumers to stop and consider the security implications. Mirai used IoT devices to mount wide scale distributed denial of service (DDoS) attacks that disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK.

The current IoT landscape can be compared to the early days of the internet, when viruses, worms, and email spam plagued users. Many companies raced to join the internet ‘gold rush’ without necessarily considering the importance of internet security.

It’s not overly-dramatic to say the same is true now. The priority for IoT device manufacturers is the time it takes to get to market and the potential revenue. But in 2018 and beyond, we’re talking about devices that could potentially wipe out organisations, cities and even pose a threat to human life, if they fall into the wrong hands.

It’s not difficult to imagine five years into the future, where organisations will be forced to change the makeup of their network security, with very steep rises in their security costs. Firms may need to double or treble their IT security budget, just to protect against the threat from wireless light bulbs and thermostats.

These are clichéd examples, but there will be essential applications that organisations will use IoT for, which include managing heating across locations; and financial transactions. IoT will also be used in manufacturing, where devices operating in a machine-to-machine (M2M) environment, without underlying security, have the potential to cause security breaches.

>See also: EXCLUSIVE: Top female CIO on IoT implementation and security

So, what can be done to address these obvious security flaws before too much damage is done?

First and foremost, technology vendors should band together to make the case for security standards that can be implemented around business-deployed IoT devices. Standards could include certification, so the user knows a device is trusted. If a device is deemed insecure, it can be recognised as such, its certificate withdrawn and the appliance isolated.

Currently, the only option for untrusted devices, that can’t be securely upgraded or defended in situ by additional security devices, is to find them and tear them out. And, as they become increasingly embedded in an organisation’s network and systems, the cost of ripping these devices out could be up to 100 times the cost of the device in the first place.
IoT manufacturers need a call to action, to consider the consequences of their actions today.

In 2017, the United States proposed a new bill that would introduce standards for IoT devices purchased by the US government. The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would require IoT vendors to ensure the devices can be patched when security updates are available; that the devices do not use hard-coded (unchangeable) passwords; and that devices are free from known vulnerabilities when sold.

This is a huge step towards forcing developers to take IoT security seriously in the future. In Europe, the European Union Agency for Network and Information Security (ENISA) has called upon suppliers, developers, industry associations, regulators and academia to come together to exchange viewpoints and ideas on cyber security threats, challenges and solutions.

>See also: It’s time to take IoT security seriously 

In a position paper the group declared there is currently “no level zero defined for the security and privacy of connected and smart devices,” no legal guidelines for IoT device and service trust, and no “precautionary requirements in place.”

There is some evidence that the UK Government, through the implementation of its five-year National Cyber Security Programme (NCSP), is looking to work with the IT industry to build security into IoT devices through its ‘Secure by Default’ initiative.

Earlier this year, a project team within the Department for Digital, Culture, Media and Sport (DCMS) was established to drive this project, with the aim of tackling the issue at the point of manufacture of the software and hardware.

In 2018, standardisation on IoT devices is a must. It is essential that devices are secure by design, rather than included as an afterthought. The failure of any business to co-operate on a joint plan now to protect themselves is incomprehensible. If they don’t, they are sleep-walking into a security crisis.

 

Sourced by Ian Kilpatrick, EVP Cyber Security for Nuvias Group

Latest news

divider
Technology
Taking stock of the turbulent tech markets

Taking stock of the turbulent tech markets

14 December 2018 / There is one simple measurement for how ubiquitous technology has become in recent years. Today, [...]

divider
Blockchain
Blockchain and Facebook could be near, but what are the benefits?

Blockchain and Facebook could be near, but what are the benefits?

13 December 2018 / Mark Zuckerberg never did actually say Facebook was adopting blockchain. But he did say that [...]

divider
Telecoms
Top 3 telecom trends for 2019

Top 3 telecom trends for 2019

13 December 2018 / Consumer-driven data consumption, fuelled by the mobile and broadband services in IoT devices, which have [...]

divider
AI & Machine Learning
AI and investing: The artificial intelligence analytical revolution

AI and investing: The artificial intelligence analytical revolution

13 December 2018 / Over the past 20 years, investment management has undergone an aggregation revolution, where advances in [...]

divider
Data Protection & Privacy
We risk a digital crisis in 2019 akin to the 2008 banking crisis, warns data privacy lawyer

We risk a digital crisis in 2019 akin to the 2008 banking crisis, warns data privacy lawyer

13 December 2018 / A divergence is opening up in data privacy: on the one hand, you have the [...]

divider
People Moves
Avon appoints chief financial officer

Avon appoints chief financial officer

13 December 2018 / Gustavo Arnal has been appointed as executive vice president and chief financial officer of Avon, [...]

divider
Digital Transformation
Is digital disruption an opportunity or a hindrance?

Is digital disruption an opportunity or a hindrance?

13 December 2018 / There’s no denying that technology has been the most significant disruptive force in business across [...]

divider
Business Skills
How to develop a data culture within your organisation

How to develop a data culture within your organisation

13 December 2018 / The CDO’s leadership challenge CDOs — or anyone with a CDO mandate — are normally [...]

divider
Diversity
Nominations open for the inaugural Women in IT Awards Asia 2019!

Nominations open for the inaugural Women in IT Awards Asia 2019!

13 December 2018 / As part of the Women in IT Awards Series, we are today announcing that nominations [...]

Do NOT follow this link or you will be banned from the site!
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
modal close image
modal header

Top five trends for harnessing data in 2019

Day 1 of our tech advent calendar – From data storytelling to using data for good, James Eiloart from Tableau gives his take on the top trends in harnessing data as we head into 2019.

default

modal header

Top five business analytics intelligence trends for 2019

From explainable AI to natural language humanising data analytics, James Eiloart from Tableau gives his take on the top trends in business analytics intelligence as we head into 2019

 

Download

default

modal header

Recruitment trends in tech for 2019: Machine learning, AI and predictive analytics

 

Major changes are occurring in the ways human resources and other related professionals find the right people for open positions. Kayla Matthews looks at recruitment trends in tech.

 

 

default

modal header

2018 tech predictions: what we got right (and wrong)

Ben Rafferty, Global Solutions Director at Semafone looks at what technology predictions we got right this year, and what ones we got wrong.

 

modal header

Will 2019 see the automation of automation and push up salaries of data scientists? 

2019 will see the start of two dramatic changes applying to data scientists: and in an interview, Jeremy Achin, CEO of DataRobot told Information Age more.

default

modal header

The top 5 data centre trends for 2019: Edge will drive change

Vertiv experts anticipate self-sufficient, self-healing edge in service of IoT and the emergence of 5G, as some of then top trends for data centres in 2019.

modal header

The top 10 infrastructure and operations trends for 2019, according to Gartner

Serverless computing, AI, network agility, edge computing, the death of the data centre, new roles, SaaS denial, talent management and global infrastructure drive the Gartner top 10 infrastructure and operations trends for 2019.

modal header

Seven existential threats to your organisation’s cyber defences in 2019

Hackers are getting smarter, meaning that businesses need to get smarter with cyber defences. Jumio\\\’s Labhesh Patel outlines seven threats

 

Download

modal header

The continuing rise of mobile edge computing, 5G and IoT security, hot topics for 2019

IoT a new cyber battleground, the rise of mobile edge computing and the arrival of 5G, Nick Offin from Toshiba gazes into his crystal ball with predictions for 2019

default

modal header

Tech predictions from The Economist in 2019: Facial recognition to AI regulation

In this exclusive for Information Age, a team of editors from The Economist\’s World In 2019 provide tech predictions for 2019. Read here

 

default

modal header
modal header

Online security predictions for 2019: From cryptojacking to MiTB attacks

Pedro Fortuna, CTO and founder of Jscrambler, provides his online security predictions for 2019 — can it get any worse? Read here

modal header

We risk a digital crisis in 2019 akin to the 2008 banking crisis, warns data privacy lawyer

The 2019 digital crisis, data privacy charlatans and the good guys with an ethical approach: data privacy will diverge in 2019 says privacy lawyer.

default

modal header

Xmas is coming!

We wanna celebrate with you that xmas is almost here and so we are offering you this special gift. Go and download it!

Download

Nominations are now open for Women in IT Awards Asia

 

The Women in IT Awards Series  is the technology world’s most prominent and influential diversity program.

 

On 29 May 2019, the awards will come to Asia for the first time ever, taking place in Singapore. Nominations are now open for these prestigious awards.

 

Click here to nominate
yourself, a colleague or peer!
 

You have Successfully Subscribed!

Pin It on Pinterest