
Cybersecurity Buzzword of 2017: The Internet of Things (IoT)
Get to Know the IoT
Computers are generally recognized as: desktops, laptops, smartphones, and tablets. However, there are already billions of computers connected to the internet, and a relatively small percentage of them fall into those categories. Most computers don’t have a screen and keyboard or other interface that lets you easily interact with them.
The Internet of Things (IoT) is a term which covers all of the networked devices present in our modern, highly-connected world. From your office to Smart Home, the IoT is comprised of things like:
- Security Cameras
- Routers
- Cable Boxes
- Cars
- Sensors
- Just about any “Smart” product
20 years ago, the average person probably had just a few computers in their life between home and work/school. Now that same person is likely surrounded by dozens of different internet connected things. Take a scroll through a site like IoTList to get a sense of all of the different IoT devices for sale: doorbells, light bulbs, speakers, and so many more smartphone-friendly accessories.
IoT connectivity is a double edged sword, providing unprecedented utility and access to information while creating serious cybersecurity concerns.
New Security Challenges
A huge attraction of IoT devices is their typically passive nature. They just work, often right out of the box, and you don’t need to touch or use them directly very much for them to provide you a benefit. That very lack of involvement is often the source of weakness. Users typically aren’t aware of how those devices work, what data they might be collecting, and what the available settings are. The vast majority of these devices have little to no built-in security, and those with some security features are typically on default settings. When was the last time you checked the settings for your internet modem/router? For most people, never. Unfortunately, attackers know this.
IoT devices are being overtaken by hackers at an alarming rate. Sometimes, attackers are able to snoop on the personal data sent through the compromised device or network. For example, a hacked webcam could be used to watch someone remotely, without their knowledge. There are marketplaces on the dark web where these hacked connections are bought and sold.
Over the last few months there have been massive attacks, on some days crippling the infrastructure of the web, using thousands of compromised IoT devices. The open-source software behind these attacks, named Mirai, leverages hundreds of thousands of hacked IoT devices to conduct DDoS attacks. This has led to outages for Netflix, Twitter, PayPal, and many other top-tier web companies.
In response to these incidents, the U.S. Government is asking questions. It would not surprise me to see the establishment of a military branch dedicated solely to Cybersecurity established over the coming years. Increasingly, the biggest threats the U.S. will face will be to our internet infrastructure rather than conventional terrorism or military tactics.
Assess Vulnerabilities
Every individual and organization should start 2017 with an audit of their potential risks. You need a security plan and policy to cover all of your devices, especially the ones that are easy to forget you even have.
In security, the name of the game is identifying and improving upon areas of weakness. In the past, I have covered issues relating to human error such as ransomware and phishing, but the IoT represents a difference sort of threat. The human error would be to ignore these devices, or to underestimate the risks.
Organizations should:
- Know what is connected to your network: Allow access to the fewest devices possible. There should be no surprises or unauthorized connections. Conduct an audit to figure out what is already connected, and then develop policies to secure your network going forward.
- Replace Default Credentials: Attackers often look to access your devices through factory-default settings. Make sure that any log-in information is unique to you and your organization.
- Compartmentalize: Wherever possible, segment your network for various needs. Try to limit the number of people and devices which can access the most critical data.
- Update Regularly: Monitor for announcements of software patches and quickly implement those advancements.
Outlook
This is a problem that is likely to become exponentially more difficult with each passing year. The IoT is enabling the rise of Artificial Intelligence; an army of devices acting as the AI’s own senses. More data leads to better and more comprehensive decision making. The trend will be connecting the world to a greater degree every day, and those new connections will number in the tens of billions annually.
The IoT and AI will revolutionize the way you do pretty much everything in your daily life, from making coffee to unlocking your car. This will all come a cost. Right now, it is a lot easier to be an attacker than a defender, and that isn’t likely to change anytime soon.