The proliferation of IoT devices for both consumers and business has opened up a new market that’s estimated to reach a whopping $661.74 billion by 2021, from $157.05 billion in 2016. Considering the obvious business opportunities, security researchers have expressed concerns regarding the security mechanisms – or lack of – bundled with “smart things”.
Because IoT devices are likely to be remotely controllable and available from anywhere around the world, operators are also expected to start preparing for a huge amount of machine-to-machine trafficking, that could raise serious issues if not properly managed, secured, and regulated.
Upcoming Threats and How Operators Should Prepare
As with every new technology that hasn’t been built with security in mind, the risk of cybercriminals developing new threats specifically targeting them is high. We’ve already seen serious vulnerabilities in IoT devices allowing for complete remote control, and we’ve seen Trojans specifically built to target smart IoT “things” with the purpose of “enslaving” them into a botnet. Because there are no inherent security mechanism built in, we’re seeing the same type of threats being used on PCs 15 years ago targeting smart devices.
Organizations thinking of integrating smart sensors and other IoT devices need to first start designing strong management platforms that allow not only rapid deployment and management, but also security and privacy policies.
Operators constantly emphasize connectivity as their core value proposition but, as security researchers have proven time and time again, that’s not enough. Simply networking devices together is not enough, as encryption and strong communication protocols need to be considered as well. Also, operator networks are mostly designed to support local market requirements, while IoT is designed for global networking coverage. This means that operators should probably focus on globally expanding their network connectivity services.
With 5G network standards being brought into focus, operators could also actively participate in designing and developing new IoT standards for machine-to-machine industrial IoT.
Is IoT Security Being Taken Seriously?
Most IoT manufacturers have mainly been interested in rapidly pushing new products to market, focusing on usability or addressing a specific customer need. Security has sometimes been completely disregarded or poorly implemented at best. While debates on building an IoT framework to which manufactures can adhere to have been in the works for some time, little progress has been made towards enforcing security standards.
What’s even more worrisome is that some IoT devices don’t even have an update mechanism through which security updates and fixes can be pushed to device. If anything, this leaves them exposed to security vulnerabilities throughout their entire lifecycle.
How Other Companies Integrate IoT
While some companies have begun actively preparing IoT integration strategies and planning for integration, it’s still difficult for them to handle all security aspects associated with IoT, especially since there are few build-in management capabilities. To that end, they’re mostly left with options such as isolation and segmentation for limiting potential attack vectors that could compromise their IoT network.
Large businesses and organizations have also begun creating their own internal frameworks for supporting, testing, and managing IoT networks, but it’s still unclear if this segregation will offer long-term results.
Depending on the type of network, shared resources, and function, there are various best practices for securing them. Since IoT has yet to adhere to any standards, most organizations’ IT administrators opt for isolation. This usually implies that IoT devices are isolated from both critical infrastructure and from the internet, minimizing risks associated with a potential security vulnerability or breach. However, this does not cover the management and integration aspects that allow operators to create quick and cost-effective custom applications and services.
Noting is really “hackerproof” – APTs are a perfect example of that – but security mechanisms can be set in place to minimize the attack surface. To that end, operators need to start working with security vendors and researchers on building a robust IoT framework that can offer privacy, management, security, and connectivity across all smart things around the world.
Standardization comes with the benefit of allowing operators to efficiently build centralized management solutions, while offering across-the-board security for any and all IoT devices. The more things get connected, the greater the risk of having them exposed to threats that may cause irreparable damages to businesses and critical infrastructures.