Over the next few years, companies will be connecting billions of unconventional devices to the Internet. Find out how this wave of web-connected devices will affect the security of your business’s data.
The Internet has radically changed society over the last few decades. It will continue to shake things up in the years to come as consumers are starting to connect thermostats, lights, refrigerators, and other unconventional devices to the web. This phenomenon is known as the Internet of Things (IoT).
The IoT is not limited to consumer devices. Companies are also beginning to connect devices such as security cameras and heating, ventilation, and air conditioning (HVAC) systems. Gartner predicts that 26 billion devices will be online by 2020.
Some devices have IoT technology built into them, whereas other devices have the technology added to them. Either way, the IoT technology collects data about the devices and sends it to applications by means of the Internet. People often use the applications to not only monitor devices but also control them.
Using IoT devices has its advantages, but it also exposes companies to security risks. Hackers are already beginning to exploit IoT devices.
Both business owners and home owners can benefit from IoT technology. They can control IoT devices from just about anywhere using their smartphone or tablet. They can lock doors, turn off lights, check appliances, dial down the thermostat, and monitor areas when no one is around.
Business owners can also benefit from outfitting crucial equipment and systems with IoT technology. The data returned from them is priceless. It can give business owners early warnings about problems before they turn into costly mechanical and system failures. The data can also help business owners make better decisions about equipment and energy usage.
The Security Issues
Using IoT devices can expose companies to security problems. IoT-ready devices often have security vulnerabilities such as default passwords that are easy to crack and firmware updates that are easy to spoof. Plus, unauthorized users can often bypass the security measures in the devices’ web applications.
Just as troublesome is that many users do not realize they need to protect their IoT devices. After all, when the average person thinks of cybersecurity, they are usually picturing computers, not web-connected refrigerators. As a result, they do not use anti-malware programs and network security tools to protect their IoT devices. These insecure devices can put a company at risk since they are usually connected to the network that hosts the company’s critical data and applications.
To protect your IoT devices and your network, you need to make sure that:
- Each IoT endpoint in your network is a legitimate device and not one being run by a hacker
- The data being sent over the Internet is not being spied on, changed, or stolen
- Personal and sensitive data remains hidden from prying eyes, even if those eyes belong to authorized users
In short, you must authenticate your IoT devices, ensure data integrity, and set users’ permission levels in a way that preserves confidentiality. The massive scope of the IoT phenomenon makes managing these issues especially challenging.
How Bad Actors Exploit IoT Devices
As the number of IoT devices increases in a network, so does the likelihood that a hacker will be able to find one with weak security. After taking over one IoT device, the hacker can access the rest of the network. At that point, the hacker is free to steal information or install malware.
Hackers can also use IoT devices as part of a botnet. A botnet consists of a large number of computers and other devices under a hacker’s control. Hackers use botnets to send large amounts of spam and malware. The cybersecurity firm Proofpoint discovered one of these attacks in January 2014. The botnet included more than 100,000 devices, including routers, televisions, multimedia centers, and at least one refrigerator. Over a two-week period, the hacker used the devices to send 750,000 malicious emails to companies and individuals around the world.
Hackers can also use botnets to bombard networks and websites with service requests or messages. When the network or website can no longer cope with the onslaught, it shuts down.
Much more troubling is the fact that hackers are starting to use IoT devices to inflict physical damage. For example, in December 2014, German officials revealed that a steel manufacturing plant had fallen prey to hackers. After breaking into the plant’s network, the hackers disabled the controls on one of the blast furnaces. Due to the attack, the furnace was unable to shut off and caused massive damage to the facility.
In government and in industry, there is much hand-wringing and concern for organizations that provide critical infrastructure, such as power-generation plants and water utilities. Much of the equipment used to control the pumps, motors, and other key devices was designed decades ago, before the Internet age, with little or no security. Many of these devices were subsequently “plugged in” to the Internet and are now susceptible to attack.
Cybersecurity experts are also concerned about the possibility of hackers taking control of Internet-connected cars. After hacking into a car’s system, the attackers could steal it. Worse yet, they could hijack a car while the owner is driving it, as demonstrated by a cybersecurity expert in a “60 Minutes” news report.
It’s not just hackers – last year researchers demonstrated how they gained access to a Nest “smart” house thermostat. This thermostat is designed to “watch” movement patterns in a house to see when it is occupied and to heat/cool it at the right times. So a bad actor could use this data to determine the best time to burglarize the house.
The Future of Cybersecurity
No one doubts the value of IoT devices. There are questions, however, about the ways in which companies can safely implement them. To answer these questions, companies should look to their trusted IT partners. These experts can offer guidance about the best ways to safely capitalize on the opportunities offered by the IoT phenomenon.