The continued growth of the Internet of Things and connected devices (Gartner predicts a total of 20.4 billion connected things in use worldwide by 2020) has resulted in an exponential growth in data – with a promise to make appliances smarter, processes more efficient and life, in general, easier. While this massive generation and collection of data certainly has its benefits, easy access to data also comes with increased vulnerabilities – unsecured IoT devices pose serious risks to personal and corporate information.
Securing IoT devices is challenging for several reasons. A rapidly increasing number of gadgets are becoming smart devices, and as manufacturers roll out new products more quickly, security can be given low priority as the focus is on time to market and return on investment metrics. A lack of awareness among consumers and businesses is also a major obstacle to security, with the convenience and cost-saving benefits of IoT tech appearing to outweigh the potential risks of data breaches or device hacking.
For years, consumers and businesses alike have been obsessed with securing computers and smartphones. But in reality, those devices are less at risk than more simplistic connected items. PCs and smartphones, while penetrable, benefit from over a decade’s worth of security developments and regular updates to guard against new threats. The requirement to protect sensitive data that was stored on and/or transmitted through PCs and smartphones was recognised early. However, certain connected devices, like a children’s toy which could be linked to an interactive smartphone or PC app, may not be equipped to deal with the same standard of threats, because they are not necessarily associated with handling the same type of information.
An unsecured connected toy, though, poses an entirely different sort of danger than hacking into a computer. Malicious hackers could use these toys to gain access to the home’s internet or communicate with and even physically harm children. While it’s an unlikely scenario, it is nonetheless important for parents to be keenly aware of the security and data collection methods of their children’s favourite toys.
A blessing and a curse
The Internet of Things promises more freedom and functionality for businesses than ever before, with the technology being used in sectors like supply chain, transportation, logistics and healthcare. Eventually we could see almost every home device connected to the Internet – with either explicit broadband connectivity or “behind the scenes” data collection used by enterprises as part of their managed services models, which can be incredibly valuable for businesses. Much like the children’s toy example, most IoT devices can serve as entry points into a home or corporate network, exposing families and companies to significant data breach risk. For industrial IoT, those entry points can provide hackers with access to private servers, which is problematic given 80 percent of the world’s data sits on private servers, mostly operated by businesses. And it’s not just corporate sensitive information at risk – many of these business servers contain sensitive personal data of consumers, which could be jeopardised in attacks and leave unwitting customers open to theft.
Data that lives natively on an IoT device is similarly vulnerable. For instance, the use of commercial drones has become prevalent in sectors like agriculture, military and construction, due to their versatile applications and access to real-time data. If the operators of these drones leave them unsecured, hackers can access them and install malware to strip out sensitive business data, including pictures and video.
While businesses cannot stop IoT attacks from happening, they can be proactive in mitigating threats to network security and protecting valuable data and IT systems. Emerging platforms like blockchain can help secure IoT devices by getting rid of a central authority in IoT networks. This would enable devices in a common group to issue alerts if asked to perform unusual tasks, thereby decreasing the capabilities of a hacker through a single entry point.
For their part, consumers must hold businesses to higher standards and approach any IoT-related purchase with a critical eye. They should conduct thorough research and verify that everything involved with their smart device purchases is legitimate – from the website reviews that inform their decisions to the retailers and manufacturers from which they buy. Luckily, organisations appear to be aware of the increasing threats to IoT security. A recent Gartner report indicates that worldwide IoT security spending will reach $1.5 billion in 2018 and will more than double to $3.1 billion by 2021.
While securing the Internet of Things is a monumental challenge, doing so will become increasingly important in preventing business and personal catastrophes. It will also allow companies to put the focus back on the primary intents of IoT – to collect and analyse more data to optimise processes, reduce costs, improve quality of service and enhance the customer experience.
Read Tim’s previous blog on IoT interacting with artificial intelligence here.