Just about every organization and every person is online in some capacity, and hackers continuously look for ways to cause harm for monetary, political, social, or military gain. The Internet of Things, while increasingly embraced by both consumers and businesses, continues to be a vulnerable target for attacks, open for the taking. The IoT may provide unparalleled convenience, but it also gives hackers far too many opportunities to steal information from everyone: the everyday family enjoying an Amazon Alexa in their home, the massive corporation relying on its website to provide services to its customers, and the government. These attacks are not going away anytime soon. In fact, they will grow in frequency and severity, so the question all IT security providers must address is: what can we do?
IoT attacks are also increasingly driven by financial gain over any other motivator, as was the case in 2016 when the Mirai botnet used a band of compromised IoT devices to launch a massive DDoS attack, and in 2017 when Wi-Fi and Bluetooth were compromised by KRACK and BlueBorne. Experts predict that this was just the beginning, and that bringing down the large websites of Twitter and Netflix is just the tip of the iceberg. In these cases, the hackers’ intention was to steal private data and hold the systems for ransom to obtain money.
In 2018, there will also be a rise of IoT consumer products in the home and workplace, opening the door for hackers to pilfer data from the everyday user. Because of the incentive of financial gain, businesses and consumers are in dire need of an IoT cybersecurity solution before millions of dollars in revenue and income are lost. However, it is difficult to regularly update IoT devices, which leaves them hyper-vulnerable to new threats. In addition to lacking regulation, IoT is missing a capacity for robust cybersecurity features, as botnets easily exploit devices with open weaknesses.
Unfortunately, cyber attacks often cause more harm than just data breaches. Vehicles can be hacked to malfunction, medical information can be stolen and sold, and commercial drone technology can be reprogrammed to cause harm. This presents a harrowing risk of endangering the public and exposing companies to lawsuits, and at the least it results in massive reputational problems and public relations nightmares. Corporations and even the government will therefore have no choice but to invest in cybersecurity initiatives as the liabilities of these attacks increase.
There are no security standards in place for the IoT industry yet, which leaves the door open for businesses to make the most of this opportunity. The General Data Protection Regulation (GDPR), which becomes active in 2018, is expected to sway the global IT world toward a more defense-minded position, as the European Union looks to protect its citizens. With such a massive threat, however, what has kept some U.S. firms from investing in these measures earlier? Most believe that efficiently battling hackers could negatively impact the consumer experience. To counter this, corporations have started initiating protection-for-profit measures that bring together marketing with security in order to positively impact the customer experience. Marketing in many ways is already embracing this methodology through the use of MarTech, and can do the same for security personalization. Forrester's 2018 predictions say 10% of firms will translate investments into company profits from security enterprises. It is also important to note that last year, Forrester predicted that more than 500,000 IoT devices would fall victim to a cyber attack, which unfortunately proved correct.
Endpoint security, especially for physical endpoints, is where the most exciting changes are taking place. Everything from virtual cloud microservices to internet-connected toys can be considered an IoT endpoint, and with the growing number of users for these devices, securing every one of them could be incredibly overwhelming. Instead, firms that want to jump into IoT protection should focus on observation, evaluation, and action. New technologies, from alerting and graphing to security and scalability, are proving themselves invaluable when observing unusual behavior, such as abnormal login times. When threats are watched for and responses are analyzed, a particular characteristic can set off a red flag. Intelligent technology coupled with an equally smart workforce will exponentially reduce these risks.
What else can businesses do? They could look internally by assessing attack pathways, establishing readiness in case an attack were to occur, and identifying a plan for data and system recovery. At the minimum, verify and modify weak passwords and encryption codes, and back up data on a regular basis. What it comes down to is having a multitude of filtering capabilities in place and ready to go.
While it is a challenge to keep IoT devices updated to protect against the latest hacking threats, organizations comfortable with the market will step up. There are opportunities for firms to combat these hazards, but to do so, they must keep up with the hackers themselves.