Building a Secure IoT World....

Covid-19 brought significant digital transformations and made the norm for Work from Anywhere (WFA). With the proliferation of “smart devices” or Internet of Things (IoT) devices, there is significant increase in security challenges and issues as the cyber-attack surfaces expanded to living rooms, kitchen, home, café through these smart devices. 

Anything with an internet connection, from a fitness tracker, camera, speaker, drones, kitchen aid, smart locks, television, home lighting, vehicles, refrigerator, and even smart toys could pose IoT security challenges and risks to overcome.

New IoT devices come out practically every day, with unknown vulnerabilities and the manufacturers of these devices do not spend enough time and resources on security. Not to blame them as security is never meant to be their core competency. Most of these devices can expose email credentials, vital data, and information. There is lack of universal IoT security standards. Absent that, manufacturers build products without keeping security as a key element in their product design process.

Users also lack knowledge and awareness of IoT and its functionalities as it is relatively a new concept. While manufacturers build products with vulnerabilities, users and business processes pose bigger threats. A hacker could target a human instead of a device using IoT as part of social engineering attacks. Some of these IoT devices could physically be tampered with and users are not aware of their responsibilities to keep IoT devices physically secured.

Updates are critical for maintaining security on IoT devices. Manufacturers sell devices with the latest software updates, but it is almost certain that new vulnerabilities come out from time to time and several IoT devices are used without the necessary updates. Such IoT devices are highly vulnerable to malware attacks. When they are compromised, they can be used as weapons to send incredibly vast amounts of traffic to any target.

Botnet & DDoS attacks are very common in IoT environment. Single IoT device infected with malware does not pose any real threat but a collection of them can pose serious threats. To perform botnet attack, a hacker creates an army of bots by infecting them with malware and directs them to send thousands of requests per second to bring down any website or any other target.

Ransomware is evolving and often used to block access to sensitive files with encryption. Hackers infect the device first and then demand a ransom fee for the decryption key unlocking the files in the device. Since most IoT information or data is stored in the cloud, hackers may not get hold of sensitive data, but they can certainly lock down entire device functionality. All wearables, healthcare gadgets, smart homes, and other smart devices might be at risk.

In Healthcare industry, with the emergence of IoT, critical data is always on the move. A hacker can gain access to a medical IoT device, control it, and then alter the data. A compromised medical IoT device can be used to send false signals and output, which in turn can guide health practitioners take wrong clinical decisions based on the data and analytics they receive.

Consumerisation of IT along with IoT has resulted in explosion of devices in the enterprise network and home network. The biggest challenge for any network and security administrator is to manage all devices and yet secure the perimeter. A malicious IoT device could be installed in secured networks without authorization and then a hacker could nicely integrate these compromised devices with existing group to collect sensitive data, breaking network perimeter security.

IoT has begun to convert the world into network of “smart things” by collecting and analysing personal, sensitive data and information. The world will see this trend continuing for many more years to come with bigger complexities related to IoT security. There is a strong need to standardise IoT to make our home, office, city, manufacturing plant, and airports safe and secure. The smart devices around us need smart and dynamic security!