IoT risks: from coffee machines to chemical plants
A recent high-profile Distributed Denial of Service (DDoS) attack enabled hackers to compromise coffee percolators, webcams, surveillance cameras, routers and indeed anything they could get their virtual hands on. They used these devices without their owners' knowledge to unleash a flood of internet traffic that overwhelmed and crashed popular sites like Twitter, Netflix, Airbnb and even The New York Times.
The world won't grind to a halt if Twitter goes down. But there is a broader trend of hackers targeting critical infrastructures like power grids, chemical plants and transportation systems. In their recent report, 'A new front in Cybersecurity,' BI Intelligence revealed that companies that operate critical infrastructure reported 295 cyber incidents in 2015. The report also notes that industrial control systems weren't designed to be connected to the internet, so they haven't benefited from the embedded cyber security capabilities needed to ward off hackers.
Whatever industry you're in, the potential for disruption is almost unlimited. Imagine if the digital keypad that operates the power to your server room were hacked and switched off remotely – how much would your business stand to lose?
IoT security – where do businesses even begin?
Regardless of their current involvement in IoT-enabled models, businesses in all industries need to start taking the initiative now, from researching emerging IoT security best practices to learning how to master the transition from securing traditional PCs, servers and mobile devices to managing connected devices and sensors.
Many of the inherent challenges of IoT are very similar to those that have been faced and, to some extent addressed, in the Bring Your Own Device environment. Incorporating capabilities such as remote lock and wipe will be crucial if organizations are to deal swiftly and decisively with compromised devices.
Businesses also need to understand where the vulnerabilities of connected devices may lie, how complex they are and how severe a threat they pose. This risk assessment will be no easy feat, considering most of these devices are comprised of hardware platforms and software that the majority of IT teams will be unfamiliar with. It also means any project involving connected devices must be designed with security front and center, incorporating robust, role-based controls to ensure adequate protection. A further challenge of the IoT explosion will be to work out how to patch any device vulnerabilities promptly, since the complex firmware updates currently required are generally too complex to address on the fly.
Wi-Fi: friend or foe?
The proliferation of Wi-Fi-enabled devices connecting to the internet means businesses will need advanced threat intelligence tools to learn how to tell the difference between legitimate and malicious traffic patterns on IoT devices. For the most part, users themselves will not be sufficiently cyber-savvy to determine that the seemingly innocuous app they're about to download onto their smart phone contains malware.
Lastly, as more and more devices connect to the internet rapidly increasing demand for bandwidth, this may end up robbing critical applications of bandwidth, resulting in poor customer experiences, diminished employee productivity and falling business profitability. If organizations are unable to simply add bandwidth, they will need to increase traffic management, monitoring and prioritization efforts to ensure business continuity and avoid potential loss of customer loyalty.