Attack Surfaces on the Rise
When it comes to technology, there is a new ‘next big thing’ every decade or so. This is the era of smartphones and other handheld devices that connect and communicate wirelessly over the network. IoT or Internet of Things has brought about a new ecosystem in which cloud computing, data analytics and sensor technology all come together with smart devices that interact with each other to present solutions and improve the overall standard of living. A world where automobiles can navigate their own paths, home appliances can be turned on or off from virtually anywhere, and security systems can be monitored or manipulated through a smartphone seems too good to be true; and perhaps it is. E-health, e-manufacturing and e-transport, IoT is touching the lives of people and corporations in more ways than one. But the downside is that the higher the number of IoT endpoints, the higher the number of security vulnerabilities.
On one hand, the rapid expansion of IoT has made the technological landscape more vulnerable than ever; while on the other hand, it is the inherent security concerns that are keeping IoT from receiving even wider acceptance. Therefore, IoT security must be a priority, within organizations as well, to reap all the potential benefits. In the absence of proper security measures and user awareness, here’s how IoT vulnerabilities can wreak havoc much beyond the enterprise itself.
Botnets, IoT Devices and DDoS
One of the most critical threats posed by IoT devices is their potential use by botnets. Not long ago BrickerBot and Mirai botnet infected vulnerable IoT devices. Unfortunately, they haven’t been the only ones of their kind. The self-propagating Mirai botnet used IoT devices with default or obvious security credentials to launch one of the largest DDoS attacks of its time against the website of security researcher Brian Krebs. Brickerbot also leveraged the same vulnerabilities as Mirai and differed, in essence, only because it killed the device it affected. The consequences of such an attack on an enterprise relying heavily on IoT for its everyday operations could very well be devastating. Since all IoT devices at least have an IP address and an internet connection, only protecting routers is never enough. From smart temperature sensors to ovens, and even coffee makers, no IoT device should be left without taking necessary security measures, not to mention frequent security updates and patching.
Data Vulnerability in IoT Applications
Even the smallest of unprotected smart devices can become an entry point for malware that can end up affecting an entire enterprise’s network. From there onwards, the possibilities are endless for the attackers. From employees’ personal data and devices to the organization’s sensitive data, everything could be at their disposal. IoT does not only comprise of physical devices; almost all of the smart devices have a corresponding mobile or web application to go with them. The problem with IoT controller apps is that their development is often rushed in the quest to hit the market first. While developers and vendors put a lot of focus on main functionality and intuitive features, security is often pushed to a corner. IoT security requires a multi-layered approach. The devices, network and applications, all must be secured to protect sensitive data and devices.
Enterprises invest a lot of resources on cybersecurity, but the entry points keep on increasing and so does the number of attacks. Covering the cybersecurity basics such as multi-factor authentication, threat detection, security updates and firewalls is imperative, but it’s not enough anymore. Attacks are inevitable, and cyber resilience is the way forward. Enterprises must ensure that their networks can recover and continue as usual in the event of an attack. Context-based security and AI-based network monitoring are also gaining popularity. Cyberattacks are a reality that no one can entirely run from, and so is IoT. Enterprises must devise and leverage up-to-date security tools and techniques to benefit from IoT while effectively mitigating the associated risks.