With the proliferation of connected devices under IoT, cybersecurity risks have also increased. Making devices secure against IoT security issues therefore will become a key differentiator for manufacturers.
Needless to say, the internet of things has become a reality. What makes IoT appealing is the various applications that it allows. According to a recent blog post by Allot, IoT can be classified into two main domains: Consumer IoT, characterized by devices that are part of the smart home such as refrigerators, door locks, light bulbs, surveillance systems, as well as IoT consumer/lifestyle devices such as fitness bands, smartwatches, and drones; and enterprise/business IoT, mainly segmented by its verticals to include devices such as electricity, gas, and water meters used by utility companies, and devices used in connected vehicles, retail, health, shipping, and agriculture. IP cameras can also be thought of as IoT devices.
Yet with IoT taking hold and making the everyday life more convenient, it has also introduced new risks, especially those that are security-related. This is partly because of the inexpensiveness of the devices, the post said.
“IoT security issues have been growing in the past few years as it becomes increasingly apparent that IoT devices are, by their very nature, unsafe,” it said. “This is primarily because these devices tend to be cheap, throwaway items that would not have become so popular so quickly if they were more expensive. One of the things that keeps their cost down is little-to-no investment in making them secure.”
And recent high-profile security incidents suffered by IoT devices underscore the harm that can be done, the most infamous being the Mirai malware that wreaked havoc in 2016.
“Mirai targeted online consumer IoT devices such as home routers and Internet-connected cameras. On September 20, 2016, the Mirai malware was used in the largest ever Distributed Denial of Service (DDoS) attack, targeting French cloud computing site OVH and, later in the same year, United States DNS provider Dyn,” the post said.
According to the post, further risks associated with both home and enterprise IoT include the following: data security concerns, personal and public physical safety risk, privacy issues and data storage management following the exponential growth of IoT devices.
Amid increased cybersecurity threats, there are several steps that IoT OEMs could take to mitigate IoT risk in their products, the post said. “For example, IoT device manufacturers could make security a primary concern during all phases of device development. They could also provide lifecycle device updates,” it said. “With the growing maturity of IoT devices, security will likely become a market differentiator. A company selling Internet cameras that offer lifetime security upgrades is going to accumulate more sales than a rival company that does not.”
Manufacturers aside, other stakeholders should play a role in protecting against cyberattacks as well, the post said. “The best way to protect against IoT attack is by having your communication service provider play a key role not only connecting your IoT devices but in systematically mitigating the cyber risks those IoT connections create,” it said, citing a previous Frost & Sullivan report.
Finally, the post suggested that protecting against IoT attacks in the network itself provides significant benefits to both enterprises and consumers, and these benefits include:
- Centralized solution that is device/end-point independent;
- Mass market activation of IoT security to all devices;
- Use of global threat intelligence in real time and the ability to utilize different kinds of databases and technologies;
- Protection responsibility being supplied by CSP experts, taking this responsibility away from the consumer; and
- Blocking the threat before it enters the home or the device.
Source: William Pao, a&s International