From HVAC sensors, to security cameras, to pacemakers, and more, the Internet of Things (IoT) is becoming a significant part of everyday life. IoT devices generate a massive amount of data and their growth is transforming what’s possible across industries.
While IoT is opening up new, exciting possibilities for cities, enterprises, healthcare facilities, and more, it also creates opportunities for bad actors looking to exploit easy targets. The interconnected nature of IoT devices means that a single compromised device can quickly lead to a major attack on a network.
As the world looks toward the future of IoT, it’s critically important that cybersecurity remains a top priority at every level, from governmental leaders creating policies that help secure devices, to organizations investing in security solutions, to individual users learning best practices to keep criminals out. In this digital story, we’ll take a closer look at the future of IoT and what you can do to stay cyber secure.
A 2019 Ericcson report predicted that by 2023 there will be over 30 billion connected devices worldwide, of which approximately 20 billion will be related to the Internet of Things. With new IoT applications emerging in virtually every industry, those estimates might even be low. The best way to understand what the future of IoT holds is to take a closer look at some of the spaces where it is exploding.
Smart buildings leverage a connected network of intelligent devices and software systems to collect data. The buildings eventually use this data to self-regulate a range of key features, such as lighting, HVAC, and maintenance. Because smart buildings work so seamlessly, people often don’t realize they’re in one, but, in fact, the number of these buildings in operation is rapidly growing. While the global market for smart buildings was already at 3.7 billion USD in 2017, Navigant Research predicts it will grow to 10.2 billion in 2026.
IoT tech can be used in a variety of different ways in smart buildings. Examples include:
Smart cities are the natural extension of smart buildings. They integrate IoT devices with information and communication technology (ICT) to optimize the efficiency of city services and operations.
The technology is used to simplify daily life, connect citizens, and improve disaster responses. By leveraging IoT, smart cities can optimize their public energy grids to balance workloads, distribute energy more equitably, and predict energy surges. They can also sync traffic lights to adapt to changing conditions in real-time. Further, this synchronization allows emergency first responders to communicate with traffic lights and get direct access to critical locations. Governments can also use IoT smart cameras to automate street surveillance and record and analyze video footage.
Industrial IoT (Factories and Warehouses)
Industrial IoT has seen significant growth in recent years as industry leaders have come to appreciate its ability to increase both security and operational efficiency. By equipping machines with IoT sensors, factory managers can more accurately map machine workloads, inputs, and outputs. Plus, IoT enables them to track machine wear-and-tear more closely. This means that maintenance can be predictive rather than reactive, ultimately improving machine lifespan.
Managers can also implement augmented analytics that use machine learning to improve the ways in which operational decisions are made. With IoT, automating the preparation, management, and analysis of data that supports those decisions is simple. And, as with smart buildings in general, IoT can improve energy efficiency and reduce factory or warehouse costs.
Healthcare is one area where the impact of IoT is perhaps most visible on a day-to-day basis. IoT devices are completely transforming the patient experience, whether through mobile devices that collect patient information in the emergency room or wearables that track a patient’s condition as they recover from surgery. In particular, remote patient monitoring (RPM) systems enable real-time data collection to measure patients’ body temperature, which is one of the main indicators of infection. There are now even devices that can remind patients to do everything from take their medicine to correct their posture.
All these IoT devices present great opportunities in the healthcare field. They can reduce costs and clinical errors while improving diagnosis and treatment. Further, predictive maintenance can simplify equipment management, ensuring that devices are serviced before they break down.
Though they offer many benefits, IoT devices (particularly those with camera or audio feeds) can be extensive sources of information for attackers. Even worse, a study by Gemalto found that only around 48% of companies can detect when their IoT devices have been breached.
This is troubling given that the cost of an IoT breach can be devastating. One survey found that smaller companies (those with under $5 million in revenue per year) experienced losses of approximately 13.4% of their annual revenue as a result of IoT breaches. On the other end of the spectrum, nine companies that generate $5 billion or more in annual revenue reported losses of over $20 million. These financial losses don’t even take into account the long-term repercussions of such a breach in terms of loss of reputation and trust with customers.
IoT risks are compounded by the fact that securing IoT data can be very challenging, as these devices add a huge number of endpoints to any network they’re connected to. Given that cybercriminals tend to target end points for easier backdoor access to networks, adding more endpoints can make you more vulnerable to a cyberattack. Because IoT devices are connected to the Internet, bad actors are often able to expand their attack from a single device to other devices and the larger network within minutes. All of this means that IoT devices are often susceptible to attack and it is up to your organization to ensure that they are as secure as possible.
Over the past few years, there have been a number of high-stakes IoT hacks. These incidents highlight the varied nature of IoT threats and the different types of devices that could be targeted.
Silex Malware Attacks IoT Devices
In 2019, Silex malware infected thousands of IoT devices and “bricked” them — meaning the malware made the affected devices inoperable, essentially rendering them as useful as a brick. This attack — carried out by a 14-year-old hacker — destroyed the devices’ storage, deleted their network configurations, and removed their firewalls before ultimately halting them. The hacker specifically targeted IoT devices running on Linux or Unix operating systems that had known or guessable passwords. In order for victims to recover their devices, they had to manually reinstall firmware, a process that was too complicated for most device owners.
Hackers Use a Fish Tank to Attack a Casino
In this attack, cybercriminals hacked a casino’s Internet-connected IoT fish tank to gain access to the casino’s network. This high-tech fish tank could be remotely monitored and was able to regulate water temperature and automate feedings. These capabilities allowed bad actors to hack into the system and steal 10 gigabytes of data from the casino. Though the attack was more subtle than many others, it was discovered because the fish tank was inexplicably pumping data to a remote server in Finland.
Smart Light Bulb Vulnerabilities Exposed
Four years ago, a drone was able to hack smart Philips Hue light bulbs and set off a virus-like reaction that jumped from bulb to bulb. This vulnerability was fixed at the time, but recently cybersecurity researchers were able to use a smart bulb to attack a target’s standard home IP network. This breach revealed that bad actors could hypothetically exploit smart light bulbs to infiltrate a home or business network. Fortunately, Philips Hue was notified of the vulnerability and a patched firmware update has since been made available for download.
Vulnerabilities Discovered in Cardiac Devices
In 2017, the Food and Drug Administration (FDA) found that cardiac devices at St. Jude Medical could potentially be hacked. If a hacker were to gain access to these devices, which include pacemakers and defibrillators, they could deplete the batteries or administer incorrect pacing or shocks, all of which could have deadly consequences. Fortunately, no patients were harmed as a result of these vulnerabilities and St. Jude quickly created a software patch to fix the issue. However, this is a jarring example of the kinds of risks that bad actors could exploit.
The good news is that there are several best practices you can employ to reduce your IoT security risks and ensure that your system remains secure. For example, you may want to implement:
Further, if you’re serious about staying cyber secure, there are two highly-effective efforts you can make that will elevate your IoT security posture: invest in a Zero Trust architecture and implement a device discovery solution.
Zero Trust has become an industry buzz-word, but its rise in popularity is no accident. Keeping IoT devices secure requires more than just identifying their manufacturers, IP addresses, and model numbers. IT stakeholders must obtain deep insights into each device on their network, including both its business context and its potential for risk. As IoT gains traction, so too does Zero Trust, as it is the most effective way to gain the device insights that IT leaders need to stay secure.
Zero Trust is a security framework that requires all users — whether within or outside an organization’s network — to be authorized, authenticated, and continuously validated for security configuration before they are granted or get to keep access to data and applications. For Zero Trust to work, you need to continuously monitor and validate that both users and their devices have the right attributes and privileges to access your network.
Even though Zero Trust policies require a fair bit of technology investment (including multi-factor authentication, identity and access management software, advanced endpoint security technology, etc.), it’s not impossible for networks that have an abundance of legacy equipment to implement Zero Trust policies. You just need to think critically about how and what you monitor, and who and what you let in.
That’s where device discovery solutions come into play. Aruba ClearPass Device Insight is an essential solution for Zero Trust networks. It’s an AI-powered device discovery and profiling solution that gives you a complete view of your network and everything in it — both wired and wireless. The solution does this by collecting network traffic and extracting key device attributes including ports, applications accessed, protocols, and volume. It then uses that data to fingerprint devices based on their actual behavioral attributes (instead of the vague static attributes that are often used for discovery).
Because Device Insight is a cloud application that includes both a crowdsourcing and a machine learning component, it is able to quickly develop fingerprints for devices it has never seen before. This automated approach ensures the solution can keep pace with all the new and varied IoT devices that continue to be developed. Plus, ClearPass’ crowdsourcing component means that your IT teams always have a clear view of the devices that are connected to your network.
IoT offers boundless opportunities and benefits across industries and use cases, but taking advantage of those benefits without opening yourself up to cybersecurity risks can be tricky. With each new device you bring into your network, you risk welcoming in more bad actors as well.
Luckily, you don’t have to face IoT cybersecurity challenges alone. At Turn-key Technologies, Inc. (TTI), our experts are ready to help you secure your IoT devices and your larger network. When you partner with TTI, you get the benefit of more than three decades of experience securing networks of every shape and size from a range of risks. We’ll use that knowledge to help you secure your network so you’re prepared to face any threats presented by IoT technology.
Contact us today to learn how TTI can help you prepare for the future of IoT cybersecurity.
Please, rotate your device