The Internet of Things continues to build momentum, with connected devices ranging from fridges, light bulbs and TV’s. The question is, what happens to the data these connected devices create? What do we need to do to secure these networks?
CBR looks at what the industry experts have to say on IoT and security, giving an indication on how the IoT landscape will look in 2015.
1. Nothing to worry about Vs Internet of Vulnerabilities
Security solutions provider WatchGuard assures the industry that the Internet of Things will not bring a rise of machines. The company stated: "Embedded computing devices (IoT or IoE) are everywhere and have security flaws. But today’s cyber criminals typically don’t just hack for the heck of it; they need motive. There’s not much value to having control of your watch or TV at this point, so we won’t see hackers targeting them directly, for now."
Michael Fimin, CEO at Netwrix, agrees, saying that IoT attacks will not become widespread in 2015. "While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015."
"Most attacks are likely to be ‘whitehat’ hacks to report vulnerabilities and proof of concept exploits."
For Dave Larson, CTO at Corero Network Security, the IoT brings to mind ‘to images of a zombie apocalypse’. He said: "These faceless devices are systematically making their way into our businesses and everyday personal lives."
"With this infiltration, comes the realisation that while we are enhancing our ability to interact with our increasingly electronic world we are also broadening the cyber threat landscape in leaps and bounds."
Content from our partners
Jamie Longmuir, Regional Director at SafeNet, agrees that the Iot, and its threats, are here to stay in 2015. "Unlike other hype cycles, the Internet of Things, pretty much any consumer device capable of connecting to the Internet, and all its related security issues, is here to stay."
"Although there are a lot of conversations about baking security into consumer devices, these devices are all essentially vulnerable and we will see more conversations about how to build secure, authenticated, encrypted connectivity into all of our devices."
2. Attacks will focus on businesses, not consumers
Businesses will be the focus, not consumer products such as fridges. Carl Leonard, Principal Security Analyst, Websense commented: "…the real threat from IoT will likely occur in a business environment over consumer. Every new internet-connected device in a business environment further increases a business attack surface."
"These connected devices use new protocols, present new ways to hide malicious activity and generate more noise that must be accurately filtered to identify true threats. Attacks are likely to attempt to use control of a simple connected device to move laterally within an organisation to steal valuable data."
"In the coming year, manufacturing and industrial environments, in particular, are likely to see an increase in attack volume."
3. Rise of the botnet army
Corero Network Security’s Dave Larson issues a stark warning against devices and possible DDoS attacks in 2015: "In the case of DDoS attacks, the reality is that any device, infrastructure, application etc., that is connected to the Internet is at risk for attack, or even more worrisome, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims.
"This raises a lot of concerns and rightfully so, that this new type of attack surface could become wildly out of control in short order. Unless Internet service providers take intentional measures to deal with this class of attack, it is almost unthinkable to consider the scale and destruction that could be perpetrated by exploiting even a small fraction of the anticipated billions of IoT devices that will be deployed in the coming years."
"The IoT may very well be breeding its own army of botnets – buyers beware."
4. Blocking the ‘hackers gateway’ – start with procurement protocols
Nick Pollard, Senior Director, Professional Services EMEA APAC at Guidance Software advised, "A good place to start with protecting against the potential threats from the Internet of Things, is to adapt procurement protocols. Something as seemingly innocuous as a connected coffee machine or smart fridge, could now pose a risk to the rest of the enterprise."
"Procurement teams should consult the security team and we need to set guidelines before any IoT device is purchased. The security team will also need to do regular scans of their machines to ensure there have been no breaches."
5. CSO’s need to take the IoT lead
CSO’s need to step up to the IoT security challenge, with Kalyan Kumar, SVP & Chief Technologist at HCL Technologies saying: "As new applications of the IoT continue to emerge, the pressure on IT security teams will ramp up even more. As such, approaches to security will need to evolve in 2015.
"More enterprises will turn to managed security service providers (MSSPs) to gain access to expertise that may not exist in-house; or appoint a Chief Security Officer (CSO) to take the lead internally."
"Security will become more widely recognised as being central to a business’ operations and so the CSO will be involved in board-level decisions and discussions."
6. Secure the core for IoT success
Richard Moulds, VP Strategy at Thales e-Security commented: "The scale, complexity and geographic spread of IoT networks, coupled with the amount of data that makes them tick, make them highly vulnerable."
"A main reason for these concerns is that the devices themselves are often in vulnerable locations, may have very little physical protection, and the networks through which they communicate can’t always be trusted."
"This makes them a prime target for malicious hackers and cyber-criminals. It’s not just about the devices themselves, it’s also the back-end systems, the points of aggregation where data from millions of devices is collected and analysed – where decisions get taken and instructions issued."
"Compromise at the centre could drive breaches the scale of which we’ve never seen before. Building trust across these huge scale, distributed systems must be a main priority for companies seeking to implement a successful IoT adoption strategy."
