The Internet of Things is Taking Over, and With It Comes a Number of Pressing Security Concerns
Dawn of the Internet of Things
The Internet of Things (IoT) may seem to be everywhere nowadays (and it is), but believe it or not, it is still very much in the beginning stages of development and proliferation. IoT devices and their implications are affecting the manufacturers that produce them and businesses and consumers who use them, and the world is still catching up. IoT is bringing exciting opportunities for increased efficiency, improved accuracy of information about our daily lives, and real-time transmission of relevant data; but with these advantages come many challenges and risks.
Connected: the word that epitomizes the state of the tech world today pervades every conceivable area of information technology, and IoT is a major factor. There are a lot of uses for IoT, but with every connected device comes the opportunity for it to be compromised.
According to the October 2016 451 Global Digital Infrastructure Alliance Report:
- Endpoint security is the number one biggest IoT security concern. 63% of respondents reported physically unsecure endpoints as the top concern.
- Poor authentication of IoT endpoints closely follows at 55%.
Security is the Biggest Risk, and Overall Concern
The report also surveyed respondents regarding their biggest overall IoT inhibitors/concerns.
- 50% of respondents said that security was the biggest IoT inhibitor
- Other major security concerns mentioned include:
- Unsecured application security vulnerabilities within IoT systems (47%)
- Unsecured network between IoT endpoints and central networks (42%)
So, it’s clear—security is the biggest IoT concern. But why? Simply put, if you’re always connected, you’re always vulnerable, as summarized by CMS Wire. Unfortunately, the trajectory to a secure future state for IoT is not likely to get easier or shorter. Through the evolution of IoT, billions of devices will be connected to the Internet, and every single device is a potential opening into its manufacturer’s IT infrastructure, company information, or personal data of the user.
A study conducted by HP’s security unit, Fortify, determined that 70% of popular consumer IoT devices can be easily hacked, which is a marked IoT problem that numerous security professionals are working tirelessly to address. There are two overall problems precipitating the security obstacles of the IoT:
The rush to produce
IoT almost feels like it happened overnight, and now there are few devices left that aren’t connected to the Internet. Mass production of IoT devices is taking place on a daily basis in order to respond to consumer demand, but the rush to deploy products often results in a lack of security considerations in the design phase, according to Threatpost. Failing to incorporate security in the original design is a considerable risk—products should feature security by design, rather than retrofitted solutions.
Additionally, many IoT devices don’t have the processing power or storage needed to host endpoint security software. There are many IoT products that don’t have the ability to have firmware updated with security protection, which can lead to problems like malware vulnerabilities, DDoS, or man-in-the-middle attacks.
Lack of standards for sharing and protecting data
While there are IoT standardization efforts taking place, such as the Open Interconnect Consortium, overall there is no standard body of IoT security regulations for manufacturers to adhere to, which doesn’t help matters. Every business must decide independently what security controls will be employed, without a baseline for the bare minimum.
Going Up Against the Security Threats that Come with the IoT
There is definitely a lot of work to be done on IoT security, but reassuringly, larger manufacturers, such as Belkin, are beginning to respond to the issues, as reported by CSO from IDG. Many companies are making progress with recognizing security issues and figuring out how to respond to problems and prevent them from happening in the future.
Quite a few smaller companies are making IoT devices, so the looming security challenges of IoT are far from gone, but every company has the power to take control. IT departments should applying security monitoring, certification, and testing efforts to IoT devices, and collaborate with vendors to ensure patching, tracking, and protection.