During the early days of the dot com boom, websites, server farms, and IT infrastructure were popping up in droves, with security being treated as an afterthought. Fortunately, we as a society came to our collective senses and decided that at least some sort of cybersecurity was necessary. Now, our desktop PCs, laptops, and mobile phones benefit from basic virus scans and malware blockers, but the rise of Internet of Things (IoT) devices has opened the floodgates to a new generation of digital threats.
IoT Presents New Challenges for Security
A 2016 study by Gartner showed that within the next couple years, more than half of new business processes and systems will incorporate an IoT component. While this is great news for users who love the convenience of smart technology, the trend presents significant risks: Data loss, data theft, and privacy issues chief among them.
The problem is that of basic security. While most internet-enabled IT devices (routers, security systems, etc.) come equipped with security features, few IoT devices enjoy this benefit. This inherent lack of security is the biggest driver of change in our cybersecurity landscape.
IoT devices produce new, and harder to detect, attack vectors for hackers and illicit users. It’s easy to tell when our laptops have malware, but what about our webcams? Or our copiers?
Obviously, IoT devices connected to business networks that house sensitive customer information are prime targets for hackers, but even if the devices don’t have access to sensitive data, they can still be manipulated to cause harm. IoT devices are common prey for botnet and DDoS schemes, such as what happened during
2016’s highly publicized Mirai botnet attack that used about 100k infected devices (webcams and modems) to take down prominent sites like Reddit, Twitter, and Netflix, as well as leave nearly a million German customers without access to the Net. And unfortunately, these incidents will only become more common as IoT devices proliferate in the marketplace.
The Changing Cybersecurity Landscape
Just as users realized they couldn’t use computers that weren’t equipped with antivirus protection, users of IoT devices are slowly realizing that internet connectivity can spell danger. In short, we’re wisening up:
- Administrators of corporate IT networks are cracking down on which devices actually need internet connectivity and which don’t justify the increased cybersecurity risk.
- Businesses are gathering more information about each IoT device’s security lifecycle, from how firmware is upgraded to how bugs are patched.
- Network segmentation of IoT devices is becoming the norm to protect vulnerable endpoints. This involves partitioning each IoT device into secure segments that aren’t connected to traditional IT infrastructure, guaranteeing that should a breach occur, only the IoT device itself is affected.
Overall, the rise of IoT devices has made us more wary and less willing to accept convenience for the sake of convenience, but the cybersecurity industry still has a long way to go. Security for IoT devices needs to become a priority and integrated into each system while the device is still in the design phase. Users need to be more vigilant about their internet-enabled toys. And businesses need to implement good security practices across all employees, and the hardware itself, to guarantee that they aren’t exposed to digital threats.