The internet of things (IoT) is all about connecting devices to the internet so that they can talk to each other and to us, to make life more convenient. That might mean turning on the lights when we get up, or allowing us to use our phones to see who’s at the front door, even when we're at the office. The potential applications are endless.
There are already more than 6 billion connected "things," and that's set to rise to more than 20 billion by 2020, according to Gartner.
But the enthusiasm for all things IoT has blinded us to the potential risks. Too many companies, keen to gain a foothold in the market, have rushed out products that lack basic security protocols. The risks here are enormous.
Hacking the IoT
Every device that's connected to the internet is another potential point of entry for a hacker. As we bring more and more of these devices into our homes and businesses, we need to be sure that they’re secure. There have been several reports of mysterious strangers hacking into baby monitors to talk to children or even watch them. The New York Department of Consumer Affairs issued a warning about it.
Because countless IoT devices lack any built-in security, they are low-hanging fruit for cybercriminals. We've already seen IoT devices used to create botnets capable of taking whole countries offline through DDoS attacks. The compromise of domain lookup service Dyn took down major sites like Amazon on the East Coast just a few months ago. Dyn resolved the issue quickly and said the attacks were "well planned and executed, coming from tens of millions of IP addresses at the same time."
Devices like IP cameras often lack built-in security, and they are always on and always connected to the network. Attackers can potentially gain access through web pages and cloud-based portals.
IoT devices can also offer easy access to networks, serving as gateways to enable attackers to steal data or deliver malware. More than 25% of identified attacks in enterprises will involve IoT by 2020, according to Gartner. Companies need to carefully assess how they are going to use IoT to deliver business goals, but security must be part of that assessment.
Without understanding and analyzing the risks, we’re opening ourselves up to serious exposure. The average cost of a data breach stands at $4 million now, according to the Ponemon Institute. The potential damage to reputation (and the fines that could be levied for failure to comply with regulations surrounding personal data, on top of the cleanup cost) could be enough to sink a company.
We are joining together devices and systems in a way that we've never done before, and we don't fully understand the potential dangers. The ramifications of a major attack could be devastating. For example, cybercriminals -- or even cyberterrorists -- might hack into car systems and simultaneously interfere with traffic light signals to cause crashes. They could disrupt ventilation systems, meltdown data centers by turning off cooling fans, or trigger widespread false alarms from multiple security systems.
By making things like the power grid, water systems, hospitals, elevators, and many other devices and systems accessible online, we're enabling hackers to exert potentially catastrophic control over the physical world. They could wreak untold havoc if we don't ensure that security is given the proper consideration.
What can we do?
Manufacturers must start designing security into IoT devices from the beginning -- it can't be an afterthought. We need security standards at the manufacturing level. As business partners and consumers, that's something we need to demand.
It's vital to secure those IoT devices. Any enterprise employing IoT should have a clear implementation policy for a secure framework. Instead of going ahead and connecting a lot of devices, stop to assess the benefit. Do they need to be connected? If they do, then make sure that unique usernames and passwords are set. Create a separate network to isolate the risk.
Potential vulnerabilities need to be identified and mitigation plans drawn up. Systems must be regularly reviewed, so they can be patched and updated as necessary.
When IT professionals were asked about the successful implementation of IoT solutions, security ranked as the most important (76%) and the most challenging (58%) element, per Forrester Research. Clearly, we can't afford to ignore IoT security any longer. We must develop new strategies and standards to ensure that the worst never happens.
The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications Inc., its parent, subsidiary or affiliated companies.
This article is published as part of the IDG Contributor Network. Want to Join?