What is the Internet of Things?
Put simply, the Internet of Things refers to the collection of different technologies that are connected to the internet, devices like smart TV's webcams, household appliances, it is becoming increasingly common for devices to be internet capable in order for them to be more easily controllable - why get up to switch on your kettle if you can manage that through an app sat on your sofa?
IoT is another step forward for technology, promoting innovation and connection, however there is one glaring flaw: Security. With all of these new devices now being connected to the internet, devices can share information across the globe, resulting in safer transport systems, home automation and the sharing of remote diagnostic info. But what safeguarding procedure do these devices employ? If they are compromised, our entire ecosystem could be undermined, and users private information will be at risk.
Inter-connectivity is great - but are the risks worth the reward?
Devices that are connected to the internet, such as smart TV's and webcams, are vulnerable to cyber attacks due to their security features not being as advanced as traditional computing systems, if these devices become compromised or infected this can cause issues for the owner of the devices who may no longer have control over them, and their personal information may be at risk. On a larger scale however cyber criminals can use large numbers of these compromised devices to send massive amounts of traffic to a website or server which can cause the server to fail in what is known as a DDoS attack.
It is clear to see that the consequences of not properly securing IoT devices extends to more than just a scary invasion of privacy for the home user, attacks on major websites are one thing. But what about if your car systems were breached? Or if someone were to gain control of a hospitals devices such as Bluetooth controlled insulin pumps?
Why is securing the Internet of Things such a difficult task?
There are over 5 billion connected IoT devices across the globe right now, and that number is expected to reach 20 billion by 2020, not only is that a massive number of devices, it also points to the diversity and complexity of all the connected devices out there, imagine all of these devices running different hardware, different operating systems, different applications and protocols, now try and secure them all: It's a near impossible task as the breadth of devices out there is simply too huge.
One factor that a majority of these devices have in common is that the overall processing power and storage space on these devices are very low, as they were never designed to be updated or upgraded, imagine trying to download antivirus software onto a thermostat, it just isn't going to happen. The danger comes when a large number of devices are compromised, whilst the individual processing power of an IoT devices is low, thousands of devices forming a botnet can cause large servers to crash under the sheer volume of requests.
Finally, these devices are designed to be online all the time, for example a control system in a power plant or factory, unless the device is undergoing maintenance, it probably never turns off as the system is running 24 hours a day. Devices that are always on are more than likely mission critical, making them high - value, high reward targets for cyber-attackers. If these devices are breached then the consequences can be dire, as once one system in a network is compromised it can lead to further corruption across the network.
How can we make the Internet of Things Safer
It is clear to see that traditional security solutions are not feasible then it comes to effectively safeguarding IoT devices, new solutions are needed and they start from the ground up: IoT systems must be designed with security in mind and designers must also take this attitude when a new system is being designed. As of right now industry leaders are often shying away from this in an attempt to maximize their profit margins.
Players in the IoT ecosystem must work together to clearly define the scope of risks IoT systems face, as well as share data on vulnerabilities, and define best practices on how to mitigate the risks of cyber attacks on IoT devices. The North West Cyber Security Cluster is one such organisation who's goal is to inform and educate consumers of the potential risks of IoT systems. These actions combined can help establish a robust security model for the internet of things, and hopefully make the predicted growth of IoT a reality without putting users at risk.
Yellowbus love to keep a finger on the pulse of all things cyber security related, if you'd like to know more, or just fancy a chat on how to improve your own businesses cyber security, give us a call on 01925 838386 or email us at email@example.com