Cyber threats to IoT in 2020
A burglar looks for the weak point in a home to exploit. An unlocked backdoor, open window, or even one that can be easily and quietly smashed without alerting anyone. This is as true today as it was one hundred years ago – the more vulnerable a target, the higher chance of being attacked and the higher chance of the owner becoming a victim.
Hackers have the same mindset - identify a weakness in the system, exploit, rinse and repeat. Until very recently this meant a limited number of vulnerable points of access – computers were protected by anti-virus software, and modems had complex inbuilt security measures. But as technology has advanced, and additional connected devices are being added, the “attack surface” has continued to expand.
Smart home devices offer more access points than ever before – wireless lights, thermostats, home security sensors, intelligent streetlights, smart meters, and many more. These millions of sensors and devices present a great opportunity for hackers, and a great vulnerability to us all. The Internet of Things allows us to carry out activities far easier and faster than ever before. But as the landscape develops, we must ensure that it does not present bad actors with a backdoor into our lives. As the IoT industry continues to change, what issues are we likely to see in 2020?
Privacy and security will keep being a big issue
Devices are collecting ever-increasing amounts of information. This might be as basic as the IP addresses our IoT devices communicate with to the state of our health. With the advent of 5G, even more data will be collected, stored and shared across devices and platforms. Without proper security measures in place, every piece of data we generate, whether intentionally or passively, will be open for identity theft, financial gain, and potentially even damaging to our health. Implementing security will continue to be critical for controlling how data is used.
Physical security and cyber security are merging
Today physical and cyber security are entwined. We are beginning to see technologies that use this concept to provide a complete protection service in one unified solution. By merging physical and cyber, with bi-directional feedback between the domains we’re able to gain greater insights into behavior patterns, which allow us to continually innovate products and provide better endpoint security. We will continue to see this trend as new innovations emerge, enabling families to live without fear of physical or cyber security attacks.
There are practical use-cases that prove the benefit of combing the physical and cyber on one platform. For example, when abnormal behavior or an attempted intrusion is detected on the network, a monitored alarm system can automatically arm itself in expectation of a potential burglary. Or, if an attempt is made to access the home network onsite during a time that the IoT/alarm system does not expect someone to be at home then an alarm will be raised. The same monitoring center that monitors burglary alerts can learn to deal with cyber alerts.
IT professionals have new concerns
The more devices become ubiquitous within organizations, the higher the risk. Securing IoT networks from attack is essential but is full of significant challenges. Many modern IoT devices lack the power and sophistication required to support traditional security measures. The strongest IoT network is only as strong as its weakest link. A single point of failure can enable multiple points of attack. As everything is now an interconnected network, IoT devices can be used as the gateway to any IT devices and vice versa – a ransomware attack on an IT system can easily end up in the IoT network.
The shortage of cyber experts will continue
Today, most cyber security ecosystems are developing a variety of cyber solutions by collecting vast amounts of information from the network and endpoint devices in order to detect untrustworthy malicious activity in the IoT network. Even with AI as part of the decision-making process, a human eye is still needed but the shortage of cybersecurity training resulting in fewer experts is increasing. Big players are taking most of the available resources and keeping the small players without the economical ability out of the market, meaning they are unable to operate a security operation center (SOC).
This Catch 22 situation drives most IoT service providers to give up, creating the need for a SOC-less solution. 2020 will see the rise of alternative security solutions, such as our SigmaDots technology, dramatically decreasing the need for a SOC service by enabling a self-protected ability to block most of the attack methods and vulnerabilities that hackers are using to attack IoT networks.
With technology permeating into more and more aspects of our lives, we must begin thinking about securing our smart devices with the same (or even more) seriousness as we do leaving our front doors unlocked, or our wallets unattended. 2020 will undoubtably have its leaps in innovation as well as its landmark hacks and data-breaches. It is our responsibility to ensure that we make our devices as ‘hard’ a target as possible to these modern-day burglars.
Ohad Amir is the Chief Technology Officer at Essence.