The days of “dumb” analog devices are at an end. These days, everything has to be “smart” and a part of the Internet-of-Things (IoT).
Digital devices are now designed to connect and communicate with each other and be controllable remotely using smart phones. Enterprises are all jumping on the bandwagon, installing smart lights for their offices and
using connected sensors and robots in their factories.
Research firm Gartner estimates that 14.2 billion connected devices will be in use this year. By 2021, the number is expected to reach 25 billion. However, this increasing rate of adoption is only giving rise to more cybersecurity concerns. Given its varied use cases, enterprise IoT can open up some worrisome vectors of attacks that cybercriminals can
exploit.
In its 2019 cybersecurity report, Bulletproof cited that the popularity of smart appliances has contributed to the growing risks of attacks like data
harvesting. IoT security provider FirstPoint also identified that hackers are nowcapable of launching cellular connectivity-based attacks to disrupt IoT devices that rely on such signals to transmit and stream their data. And, even today, security firm Imperva has found that the notorious IoT-reliant Mirai malware is still actively being used to carry out massive distributed denial-of-service (DDoS) attacks.
Organizations keen on adopting IoT must understand the cybersecurity risks that the technology may bring. This
way, they can adjust their respective security strategies to accommodate IoT as potential vector for attacks.
Attackers can exploit IoT devices in a variety of ways. Among the potential attacks against enterprise infrastructure may include: Denial of Service. IoT devices can play a couple of roles when it comes to denial-of-service (DoS) attacks.
Firstly, IoT devices can be hijacked to carry out DoS attacks. In the case of Mirai DDoS attacks, IoT devices such as webcams and routers are infected by malware. Once infected, these devices now become part of a botnet that can be used to launch DDoS attacks against any network.
Secondly, IoT devices can also be the target of DoS attacks. In an industrial setting, IoT devices often come in the form of sensors and trackers that send out data in real time to control systems. Cellular-based DoS attacks can prevent data to be sent out, disrupting operations.
Downtime caused by these attacks can be costly for any enterprise. Breaches. IoT devices may gather and process sensitive data which are prime targets for cybercriminals to steal. Enterprise data may contain valuable proprietary data which can be used to extort companies or be sold on the black market.
Hackers may also steal personal identifiable information and biometric data from IoT devices. Biometric scanners, for instance, process facial recognition and fingerprint data. Given that these data are also popularly used to secure other devices such as mobile phones, hackers may be able to use them to compromise these systems.
Hackers can easily intercept information from the devices themselves or during transmission. They can also targetvthe servers or storage services to which IoT data is transmitted. Espionage and Sabotage. Enterprises are now popular targets for espionage and sabotage. American tech companies, for example, are known to be the focus of state-sponsored
attacks as part of cyberwarfare. Attacks on large enterprises can be
significant enough to affect the economy.
It isn’t just state-sponsored attackers that may try to cause disruption to enterprises. Unscrupulous competitors may also resort to espionage or sabotage in order to gain an advantage over rivals. But regardless of the entities behind the attacks, IoT devices are now also being exploited for these reasons.
Fortunately, there are various ways to mitigate IoT-focused attacks. These include: Adopting cellular network-based security. An emerging approach to enterprise IoT security is a cellular-based approach.
Security providers can integrate with the mobile network operator's systems and create secure virtual networks. All communication from IoT devices are encrypted and routed through these networks where algorithms screen for and block threats.
Investing in secure devices - Part of the reason why malware have
easily spread across is due to the proliferation of low-cost devices in the
market. These devices, unfortunately, lack the necessary security features to prevent malware and hackers from hijacking them. Companies may be tempted to go cheap and opt for such devices. But, it would be wise for them to invest in devices that can be secured from manufacturers that provide sustained support.
Applying stringent access management - Poor access management has
also allowed attackers to easily hijack devices. Users often leave devices
running using default access credentials. Attackers have tools and automated scripts that can readily take over such devices. These can be prevented by using secure credentials and avoiding password reuse.
Comprehensive data protection - Organizations must also ensure that the ways they retrieve and store data coming from IoT devices are kept secure. Security solutions such as breach prevention services are now available to comprehensively protect devices and servers against malicious traffic and hacking attempts.
Given how IoT has become the next big thing, it’s inevitable for more enterprises to try and take advantage of the hype. They should, however, be aware that investing in cutting edge technologies come with plenty of caveats and threats of cyberattacks are just among these risks.
This said, these issues shouldn't entirely discourage companies from IoT. Connected devices have shown to benefit users including cost savings through efficient and automated operations and game-changing insights from big data generated by IoT.
What is key is for companies to formulate strategies to mitigate IoT attacks and strengthen their security measures. This way, they can still enjoy the benefits of IoT adoption while minimizing their exposure to attacks.