Briefly, we skimmed the surface of the Internet of Things in a previous post (read it here!) but for the next series will dive deeper into the effects and risks of IoT. In this post, we will talk about the greatest threat to IoT which is security. Experts say that security is the biggest concern and it completely makes sense. By 2025, it is estimated that IoT can impact the economy by $3.9 trillion to $11.1 trillion per year. Gartner, Inc. predicts that there will be 20.8 billion “things” connected to IoT by 2020.
We’ve seen reenactments of situations where devices are not doing what they are designed to do because they are taken over through a network. Or have the vulnerability to be “reprogrammed” if placed in the wrong hands. All thanks to the creative minds of motion pictures. But just how close are we to experiencing this in real life?
More and more devices are being connected to networks from refrigerators to security cameras to SmartTVs. There are even baby monitors and medical devices connected to IoT. Does this leave us to be more connected or vulnerable to threats? Absolutely. This leaves even more devices open to the threat of Botnets. A network of computers that cyber criminals use to hack into other computers and “things” without user knowledge forwarding data and information to other computers. The more network is being built, the more hackers will evolve to find ways to use devices perhaps no one could fathom. Imagine medical devices or manufacturing machines being hacked into, sounds like something from a movie.
Prevention of Botnets and hacks can be trickled down to the development phase. IoT organizations take security into account at this level but in a survey taken in 2015 by Capgemini Consulting, they discovered several alarming points from major IoT organizations and device creators.
- 48% of organizations focus on security of their devices from the beginning of the development phase
- 33% of IoT executives believe that the IoT products in their industry are highly resilient to cyber security attacks
- 47% of organizations do not provide any privacy related information regarding their IoT products
- 20% hire IoT Security experts
Additionally, it has been noted that security efforts have increased among IoT organizations but it is still not proactive. In this competitive market, organizations are focusing on bringing their products to their customers quickly because of the high demand. Because of this, security falls by the wayside. Security in all aspects is difficult to cover in the development phase and the cost of investing can be too high for organizations.
Earlier this year, there was a breach in over 8,000 user names and passwords. Of those, 144 had unique usernames and passwords. So, what can you do? While it’s difficult to completely disconnect, make sure you read privacy information in its entirety and create those impossible to remember passwords. Go for the STRONG level. Never use default usernames or passwords in your networks and make sure to refresh those passwords!
While organizations like the International Standards Organization and Institute of Electrical and Electronics Engineers are working to increase security in computer architecture, newer organizations such as the Internet of Things Security Foundation and the Cloud Security Alliance have been created to target specifically cloud data security and network security. The non-profit IoTSF offers security courses and best practice guidelines.
It seems that IoT security comes back to the user and more importantly IoT development organizations. It is important to create a culture of security instead of reacting to it after the fact. It is all well and good to have new devices make everyone’s lives convenient and easy but let’s think about the cost that could come with it when your information is placed in the wrong hands. Let’s be proponents of proactive prevention.