The Internet of Things: Changing our Thinking on Security

The Internet of Things (IoT) presents some serious opportunities. By equipping everyday objects with the connectivity to send and receive data over a network, we reap the benefits of big efficiency gains, better data-gathering and sharing, and whole new worlds of functionality.

Then again, it also brings some serious risks. By dramatically upping the volume of connections and data transfer, we’re also creating a virtual playground for hackers, in which even your refrigerator could turn against you.

That’s not a hypothetical.

IoT Smart FridgeIn January of this year, Proofpoint observed and profiled a cyberattack that targeted enterprises and individuals around the world, in which “thingbots” – including a variety of consumer gadgets such as home routers, televisions and yes, even a refrigerator – were surreptitiously commandeered to generate upwards of 750,000 malicious spam and phishing emails.

The incident makes history, because it’s “the first time the industry has reported actual proof of such a cyber attack involving common appliances.”

That said, it won’t remain anomalous for long. There’s more where that came from.

Obvious Vulnerabilities

The problem isn’t just that there are more devices to hack, or that hackers have grown pretty sophisticated over the last few decades. The sad fact is, a lot businesses aren’t even locking their doors. Few organizations make a reliable effort – if any effort at all – to secure their devices.

Take the continued use of default passwords, for example. In a recent Tripwire study, 30% of IT professionals and 46% of employees had not changed the default password on their wireless routers. This, combined with a variety of other obvious security deficiencies, created noticeable vulnerabilities in 80% of Amazon’s top 25 best-selling SOHO wireless routers.

As Proofpoint summarized:

Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.

A Few Obvious First Steps

The Internet of Things has only just begun. In December of last year, Gartner predicted it will grow to 26 billion units installed by the year 2020. In other words, what we feel today is but the first spray off the wave.

While we can’t yet predict where the M2M wave will take the security industry, we can be sure to see new security innovations, requirements and best-practices continually unfolding over the next couple decades.

The question is, will we be listening?

At a time when the majority of players on the business landscape have yet to incorporate today’s best practices, tomorrow’s performance hangs in the balance. One thing, however, is clear: the way we think about security is in for a change.

Is your organization doing everything it can to close the door on hackers? Learn what defense-in-depth security really looks like in the M2M era: get our white paper here.

Leave a Reply