Internet of Things and Cybersecurity

A total of 188 million accounts were breached by fraudsters in three months to March this year (2023) in Kenya, a new report by the Communications Authority (CA) shows, noting that weak systems accounted for a chunk of overall cyber-attacks among Kenyan firms. In addition to attacks becoming more sophisticated, CA noted that threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices.

The Internet of Things, as a concept, wasn't officially named until 1999, but one of the first examples of an IoT is from the early 1980s, and was a Coca Cola machine, located at the Carnegie Mellon University. That tells you IoT is aged and antiqued but still significant. Local programmers would connect through the Internet to the refrigerated appliance, and check to see if there was a drink available, and if it was cold, before making the trip to purchase one. This sounds so modern yet it has been with us for ages.

The contemporary industrial revolution heralds the merger of manufacturing with technological processes such as automation, alongside novel networking models such as the Internet of Things (IoT) and Machine to Machine communication (M2M).

What inherent characteristics makes IoT susceptible to cyber attacks?

IoT possesses several inherent characteristics that make it susceptible to cyber attacks. Understanding these vulnerabilities is crucial for developing effective cybersecurity measures. Some of the key factors contributing to the susceptibility of IoT to cyber attacks include:

1. Limited Resources: Many IoT devices have limited processing power, memory, and energy resources. This limitation may hinder the implementation of robust security measures, making it easier for attackers to exploit vulnerabilities.
2. Insecure Device Design: Some IoT devices are designed with a primary focus on functionality and cost, often at the expense of security. Security considerations may not receive adequate attention during the design and development phases, leading to inherent vulnerabilities.
3. Lack of Standardization: The lack of uniform security standards across the IoT landscape can result in inconsistencies in security implementations. Varying security protocols and practices make it challenging to create a cohesive and standardized approach to IoT security. You will find all manner of devices with no clear standards for one particular function eg smart water or asset tracking.
4. Proliferation of Devices: The sheer number and diversity of IoT devices increase the attack surface. Each device represents a potential entry point for attackers to exploit, and the large-scale deployment of IoT devices provides more opportunities for malicious activities.
5. Insecure Communication: IoT devices often communicate over various networks, including wireless and the internet. Insecure communication protocols, lack of encryption, and inadequate authentication mechanisms can expose sensitive data to eavesdropping, tampering, and unauthorized access.
6. Lack of Updatability: Some IoT devices may lack the capability to receive firmware or software updates. Many are the times one has to do an overhaul of the IoT device to update the firmware or software. This leaves them vulnerable to known exploits and vulnerabilities, as they cannot be easily patched or upgraded to address emerging threats. Huge threat for hackers to exploit.
7. Data Privacy Concerns: The extensive collection of data by IoT devices, often without explicit user consent or awareness, raises significant privacy concerns. Inadequate protection of this data can lead to privacy breaches and identity theft.
8. Physical Exposure: Many IoT devices are deployed in physically accessible locations, making them susceptible to physical tampering; deliberate or unknowingly or theft. Physical attacks can compromise the device's security mechanisms.
9. Interconnected Ecosystems: The interconnected nature of IoT ecosystems means that a compromise in one device could potentially impact the security of other connected devices. This interdependence creates a domino effect, where a successful attack on one device may lead to broader security issues.
10. Supply Chain Risks: The complex and global supply chain for IoT devices introduces additional risks. Inadequate supply of microchips especially after Covid19 disrupted many channels of supply. Malicious actors can exploit vulnerabilities in the supply chain, compromising devices during manufacturing, shipping, or distribution.
11. Legacy Devices: Many IoT deployments include legacy devices that may not have been designed with modern security standards in mind. As mentioned earlier, IoT has been with us for sometime, thus these devices may lack essential security features and are more susceptible to exploitation.

IoT presents many benefits in many industries. Addressing these inherent vulnerabilities requires a comprehensive and collaborative approach involving manufacturers, developers, regulators, telecoms and cybersecurity experts.

Establishing and adhering to security best practices, promoting standardized security protocols, and fostering awareness about IoT security are essential steps in mitigating the risks associated with IoT cyber attacks. It is a multiprong approach.