The Future Security of the Internet of Things
One interesting concept I’ve come across recently is something perhaps all of us who cover cybersecurity news and the tech industry are culpable in perpetuating. Dubbed “security fatigue” by Tom Pendergast, Ph.D., chief strategist of Security, Privacy and Compliance at MediaPro, it predicts there will be people who start to believe that protecting their personal information is simultaneously hopeless and a overly complicated, they’ll eventually say ‘to hell with it’ and throw caution to the wind. After all, as he states in an email conversation with IT Business Edge, “Our culture causes it — from magazines and newspapers promoting the news of the latest data breach…and reminding people to use a different password for every site they visit, to public service announcements and posters in public places…We are simultaneously bombarded with reminders about what to do to stay safe, while also regaled with stories that seem to demonstrate that there is no hope. And we just start to tire of it all and we tune it out.”
The matter almost definitely isn’t helped by the proportional risk that threatens the Internet of Things in the new year. You can catch any number of smart devices this week at the annual International Consumer Electronics Show in Las Vegas. Forrester, in fact, estimates that more than 500,000 IoT devices will be compromised in 2017. In the perpetual rush to deliver products to market, they write, many IoT companies leave security as an afterthought for their solutions, and neglect implementing solid update plans to address vulnerabilities. These subpar components—part of what Forbes writer Leon Hounshell describes as “the amorphous technological connective tissue for the whole shebang of modern computing” that defines the IoT—create exposed access points for hackers to infiltrate an organization’s wider network. Have a connected security camera? An old network printer, even? If not properly protected, hackers could use such an innocuous internet-facing device as a stepping stone to infection. “We are already seeing a lot of CCTVs being hacked within organizations,” says Alex Vaystikh, co-founder and CTO of advanced threat detection software provider SecBI.
Currently, analysts predict upwards of 20 billion IoT devices in use by 2020. More connected devices, of course, means more data and more complex databases that need to be secured. It also means a wider attack surface for hackers, who could use the vast proliferation of IoT items as a botnet in massive DDoS attacks (such as the Mirai botnet responsible for the largest DDoS in history), or more profitable ventures like spam campaigns. Or even worse, in attacks against critical infrastructure like energy companies and other utilities.
Remember, though, we want to avoid succumbing to security fatigue. Perhaps with this in mind, Citrix CSO Steve Black reminds us: “Many people are afraid to adopt these emerging technologies for fear that they may be their security downfall, but as with any technology, the same security 1-2-3s apply,” such as changing administrator login credentials and educating employees. Furthermore, Black highlights the potential security benefits of our IoT future—technologies with benefits relating to biometrics and behavorial pattern analysis.
Of course, in order to take advantage of these, organizations will have to adapt, improve security practices and infrastructure, and in general, be smart and protect smart things.