I find the term Internet of Things quite “aargh!”
Possibly because I think the term doesn’t fittingly describe the amazing technology advancements that it refers to… Or maybe because I think the term is not just ‘cool’ enough for a modern tech trend.
In any case, the term is here to stay and so is the technology that it implies, which connects every’thing’ possible to the Internet – cars, fridges, kettles, webcams, food dispensers, etc.
However, cyber threats from having such ‘connectedness’ are on the increase – as hackers now have multiple devices to prey upon to launch cyber attacks when previously (well, maybe historically) they relied on only internet connected computers.
Twelve years ago, I went down the research route on cyber security / attacks for my MSc dissertation at Loughborough University. It’s disconcerting to see that trends that were uncovered then such as Distributed Denial of Service (DDoS)attacks, whereby an attacker machine is able to take hold of numerous others by infiltrating them with malicious code that makes them act as zombies for the purpose of targeting specific domains or sites – flooding such sites with packets that bring them down, is still prevalent.
One of such recent DDoS attacks, was the ‘Mirai’ attack that used a zombie army of 100,000 IoT devices to bring down sites including: Spotify, Twitter, Airbnb.
In my perspective and reflecting from my past research work, DDoS is certainly very harmful but it is not the worst possible type of attack – as it still allows sites to recover (although normally always with significant losses). There is at least one other type of attack setup scenario which is possible that could result in far terrible consequences for the targets exploited.
It’s therefore fair that there are growing concerns as it appears that not enough IoT device manufacturers are taking the issue of IoT enabled cyber threats as seriously as they should.
With cyber threats costing companies in the UK £34 billion in 2015, and the 2016 World Economic Forum Global Risks Report estimating that the cost of cyber crimes to global business is $445 billion, it’s due time for IoT players to put cybersecurity as mission critical on their product design and build strategy.
One way of doing this is integrated device security. Another way is free (yes, free) application security and updates.
And yet another way, is having real time monitoring of device applications.
Now it can be argued that it would take too much effort to have real time application monitoring – with tens or hundreds of millions of IoT devices deployed globally. But this is conceivable as an integral aspect of IoT is connectedness and monitoring. So it can be relatively easy for devices to be monitored with regards to their security state.
If operational IoT devices are actively connected to a security monitoring and alerting platform, it would be relatively easy for such a platform to detect when any suspicious activity occurs on a device. And depending on the critical nature of the device, the platform can take the necessary remedial action e.g. if a kettle, it can be shut down to stop an active or immediate cyber attack.
By having in-built security in products on a firmware, hardware and software (application) level, IoT product manufacturers, can help prevent, limit and mitigate, potential colossal cyber losses and threats from their devices falling prey to hackers.
After all I doubt anyone likes the thought of their connected fridge, kettle, or other home appliance being prime target for hackers! I know I don’t!
Please leave a comment.
Or to get in touch with the author (Linda Unugboke), email: firstname.lastname@example.org