The IoT is soaring in popularity. It’s been estimated that consumer spending will reach $62 billion in 2018 and there will be between 25 million and 30 million devices worldwide by early 2020. But more devices bring more security risks. By the same date, it has been estimated that a quarter of cyber attacks will target IoT devices.¹
In 2018, there were a number of IoT security challenges that threatened the existence of thousands of businesses. In this article, we’ll look at what those challenges were and what we can learn from them.
5 IoT Security Issues from 2018
An ongoing concern since the infamous 2016 Mirai attack, botnets are groups of machines that are leveraged as pieces in DDoS attacks and other cyber infiltration measures.
As mentioned, the most famous botnet issue happened in 2016, when the Mirai botnet attack took advantage of insecure TV cameras and routers as part of a DDoS attack that took down huge companies such as Netflix and CNN.² These issues were still present in 2018, and they aren’t going away.
That means that all companies that leverage the IoT need to take steps to reduce their risk. This should include regularly scanning networks for vulnerabilities and making sure that all passwords are secure and regularly changed.
2. Device Hacks
Device hacks are perhaps the biggest threat that IoT devices face. Some devices are particularly vulnerable to hackers, who can take remote control of the devices through several security flaws. This issue was highlighted twice in 2018, first in the Rube-Goldberg attack that allowed hackers to target business camera systems, and again with CloudPet toys, where attackers were able to access live and recorded video feeds from children’s toys.³
To reduce the chances your IoT devices will be hacked, segment them from your network. Analytics software can also be used to prioritize important information and manage how (and what) data is stored.
3. Staff Vulnerabilities
The top cause of cybersecurity breaches at small and medium businesses is employee negligence.⁴ One might argue that large businesses, with large amounts of employees that could miss a security issue, would be even more at risk. Phishing attempts, like the DocuSign hack where attackers gained access to millions of email addresses, are all too common.⁵
Investing in staff training is key if businesses are to ensure security in 2019. This should include training on passwords, malicious emails, how to spot a cyber attack, and how to safely handle IoT and M2M devices. Doing so could help prevent security concerns in 2019 and beyond.
4. Data Storage
IoT devices allow businesses to collect more data than ever before. While this is great for business intelligence, it raises a number of issues. One is compliant data storage. As both the EU and Canada take steps to make data more secure, IoT devices are one of the reasons why companies may breach regulations. The way in which data is stored could also cause an issue, particularly if data is stored in a raw form without being anonymized.
Businesses need to be aware of all of the data that their devices collect — both about the business and its customers. They, make sure that all data is encrypted and anonymized to make sure everyone is protected.
5. Third party errors
Even if you take the necessary steps to protect the data that your IoT devices collect, you can do little about the negligence of third parties. IoT device manufacturers, partners, and agencies are at risk of attacks which means that your data is at risk, too.
Businesses must take caution when implementing IoT devices into their network and services. Due diligence must be taken when selecting suppliers to ensure that the possibility of a third-party breach is minimized where possible. If necessary, issue a data addendum or build security requirements into your contacts to reduce your risk.
Adjust Your Security Measures as Tactics Improve
Perhaps most worrying is the fact that while these issues are well known by consumers. Over half of IoT device owners don’t use third-party security tools to protect their devices and don’t feel that the inconvenience is worth the risk.⁶ That could mean that 2019’s biggest IoT security concerns are far worse than those listed here.
Businesses, communication service providers, and municipalities should set themselves firmly apart from ordinary consumers. With larger networks and a higher volume of sensitive data to protect, cybersecurity should be an issue that receives consistent attention. Keep up with news of hacks and how tactics are changing. Consider unique security challenges for lightweight IoT devices, industry standards, and other common issues. Do your due diligence and reduce your risk as much as possible, constantly adapting with technology to keep your risk as low as possible.