Views

Prioritise securing Internet of Things

While we are more connected than ever, a recent study suggests 70% of all IoT devices have serious vulnerabilities

It may come as a surprise that there are probably more "things" connected to the Internet than people.

Last year, there were an estimated 6.4 billion connected devices in use worldwide - a figure that is projected to hit 20.8 billion by 2020.

And we are more connected than ever, with figures showing that the average Internet user today owns 3.64 devices, uses 26.7 apps, and has an online presence on seven platforms.

While this global connectivity enabled by the Internet of Things (IoT) opens great possibilities for personal and organisational growth, it also exposes us to security vulnerabilities that can cause financial loss, endanger personal and public safety, and damage businesses and reputations.

Anything that is connected to the Internet is a potential attack surface for cyber criminals.

A NEW LANDSCAPE 
FOR HACKERS

IoT brings with it a host of new possibilities from smart city advancements to transforming how industries produce goods.

The Industrial IoT has seen significant advancement in recent years.

By connecting assets in a factory, organisations can have better insights into the health of their machinery and predict any major problems with their hardware before it happens - allowing them to stay one step ahead of their systems and keep costly outages to a minimum.

However, in the rush to connect every "thing" in sight - from factory machinery to the fitness monitor on your wrist - security has ranked low on the priority list.

Despite most manufacturers taking steps to build in security, it does not count for much if the end-user implementing the technology does not properly configure the devices.

What is more disconcerting is a recent study that suggests 70 per cent of all IoT devices have serious vulnerabilities.

For example, an organisation may roll out a series of sensors across factories but fail to set up passwords. Those sensors are then left vulnerable to be used for malicious functions they were never designed for.

Security is also a concern for governments who are investing in smart city infrastructure. IoT has the potential to create a wealth of new services and improve existing public services.

Without adequate security, innocuous items that usually pose no threat can be transformed into something sinister.

For example, traffic lights that tell cars and pedestrians to go at the same time, or changing tracks to put a commuter train on the wrong course.

A real-life example of this kind of disruption came to light last year, when San Francisco's public transit system was hacked - forcing the city to allow commuters to travel for free and causing widespread disruption across the city.

THE INSECURITY OF THINGS

Another problem is the network that IoT data travels over.

In addition to vulnerabilities in the device, malicious elements can reach your system through insecure networks.

However, as technology progresses rapidly, end-to-end security is not keeping pace.

This is a sin that has been committed in the past - when the initial worldwide Internet infrastructure was being built from 1990 to 2005.

During this period, security was an afterthought, and that enabled early hackers to grow and disrupt. Hence, it is important that organisations take time to pause and think about how they can work together to create end-to-end infrastructure that can deal with the influx of new devices.

KNOW YOUR ENEMY

As with any defence, the first step is to be aware of the threats and arm yourself with the appropriate tools to minimise the risk of falling into traps.

There are many effective methods of preventive and reactive security, but each approach will differ depending on the devices in your ecosystem.

An overall understanding of the end-to-end journey of your data and the threats it faces on the journey will be beneficial.

Organisations that work with partners to create a secure network for their devices will be rewarded in the long run.

There is no one-size-fits-all approach to securing the IoT infrastructure, and it will take a considered, group effort to ensure this beneficial technology evolves in a secure and effective way.

The writer is senior vice-president of global product management and data centre services at Tata Communications. This article appeared in The Business Times yesterday.

securityinternet