The Internet of Things is expected to grow to 8.4 billion
devices in 2017, with predictions of more than 20 billion devices by 2020.
While this market is growing rapidly, it faces a major barrier on the way to
Connected devices are vulnerable, as seen in the DDoS
attack on October 21st, 2016, which took down the DNS provider Dyn. Large
websites such as Etsy, Twitter, PayPal, Verizon, Comcast and Reddit were among
the many that were virtually unusable during this attack. The hackers turned to
unsecured IoT devices to create an extensive botnet so they could push enough
traffic to take down Dyn.
While this was the largest attack caused by IoT security
issues, it certainly isn't the first. The IoT market needs to find a way to
properly secure these devices before more high-profile attacks completely
negate the benefits of having this connected technology in your organization.
The Consequences of
Unsecured Connected Devices
IoT devices add countless potential attack surfaces to an
organization, whether you have an official policy or people are bringing in
their own technology. They are trying to connect to your network and have the
potential of giving attackers a direct entry point to your infrastructure.
While several unified platforms are emerging that cover
IoT security standards, such as MIDAS, Unify IoT and Universal Internet of
Things Platform, you could be dealing with dozens of devices whose suppliers
don't have the same protection in place. Outdated firmware and software could
also make it easy to exploit IoT technology and use it as an attack surface.
The sheer variety of form factors, operating systems, feature sets and vendors
introduces complications that your current IT security resources may be unable
IoT requires a complete reevaluation of your IT security
strategy and the personnel's mindset. The staff needs to understand that every
connected device could represent a vulnerability point, even if they are not
used to accommodating this type of connected equipment. The downtime can lead
to substantial financial losses depending on the systems affected, with
disruption across the entire organization.
Vulnerable IoT devices can also have their functionality
compromised, which could lead to potentially life-threatening situations.
Consider smart devices used in manufacturing applications. If an IoT safety
sensor got compromised, it could result in employees ending up in unsafe
situations that could cause injuries or death. Another example comes from the
medical field, which is adopting a wide range of speciality IoT devices to
improve patient care. If a monitoring device reported the wrong sugar levels on
a diabetic patient, they could end up in a coma.
Something as simple as a compromised thermostat could
have long-term consequences for a company. If the heating or cooling is run at
inefficient levels, the overhead costs could slowly start to eat into the
budget. Data centers with cooling systems that are being maliciously controlled
could lose their ability to regulate heat and lead to hardware failure.
Automobiles are another example of a connected system
that can be compromised. Hackers could disrupt the vehicle's GPS, making it
difficult to track the location of your fleet, control systems such as the
radio, or potentially cut out critical systems that are necessary for
This problem is only going to get worse as IoT continues
its rapid expansion over the next few years. Many organizations aren't prepared
to deal with the security issues that they bring to the table. You can put
yourself in a good position to account for these concerns through security
The Role of Security
Analytics in IoT
Security analytics can help you handle the complex IoT
landscape, especially for devices that don't have strong security features on
their own. You will not necessarily be able to control all of the IoT devices
coming into your organization, as evidenced by the prevalence of shadow IT
generated from unauthorized personal technology. With security analytics, you
can gain the data and insights required to protect your IT resources. A few
vendors operating in this area include NetSentries and Argyle Data.
Security analytics can identify the red flags that often
precede a breach or attack. You can find devices that are communicating with
unauthorized systems or networks and lock them down before someone can use that
device to get into your infrastructure.
IT security specialists can use security analytics
solutions to look beyond perimeter-based protection and determine whether they
need to take action based on the network traffic they're seeing. With this type
of tool in place, they have the possibility of derailing zero-day attacks
before it cripples your organization or causes a costly data breach.
Machine learning plays a role in automating part of this
process, so your IT security staff aren't overwhelmed by the sheer volume of
information that they need to look at. As your organization fends off attacks
related to your IoT devices and discover more markers for potential
vulnerabilities, the security analytics solution can use this data to handle
lower priority issues. Your IT security analysts can focus their attention on
complex exploits and other concerns that require their hands-on touch.
The IoT market cannot succeed if device performance is
constantly marred by security exploits. While IoT devices can transform current
business processes and models, they need the support of a robust security analytics
solution to protect them from countless threats. This combination gives your
organization the opportunity to harness the power of IoT without opening
yourself up to an unreasonable level of risk.