Overview

The adoption of technology solutions driven by the Internet of Things is on the rise both in business and consumer infrastructures: the upcoming five years are foreseen to triple the existent connected IoT devices worldwide. The power of IoT is transforming each possible sphere of applicability, such as agriculture and manufacture, health and sport, finance and retail, military and government, transport and logistics.

A widespread exploration of new business channels stimulates a fast IoT implementation for connecting devices, collecting information, computing data and creating efficient solutions. In other words, IoT-backed businesses can resolve numerous challenges, however, there are still some IoT risks that will to be discussed later in the article.

With this said, the Digital Transformation Research reveals the top five prior technologies to be invested in 2019 are:

1. Cloud
2. Cyber Security
3. Artificial Intelligence (AI)
4. Big data
5. Internet of Things (IoT)

Needless to say, that security spending in the IoT sphere proves to be highly reasonable. Besides, the Gartner Report foresees information security investments to increase 8.7 percent and reach $124 billion this year. Experts distinguish four driving factors for such skyrocketing cybersecurity spending: IoT security risks, industrial changes, business needs and privacy concerns. Different attack patterns may occur - from easy-to-miss password entry to malicious software use.

And if in most cases, the main goal of hackers remains gathering as much necessary information as possible, sometimes cyberattacks may result in acts of violence and threaten human lives.

How Does the IoT Influence Cybersecurity?

So, why is IoT so vulnerable to potential cyberthreats? 

The more valuable information is received, transmitted and then stored, the more cybercriminals attempt to lay hands on it. Alongside with the IoT proliferation, the number of cyberattacks grows exponentially every year and may reach up to 20 million per day. 

• First of all, IoT technology is relatively cheap and thus extremely popular. But at the same time, it remains unsafe because these devices undergo low investments into security issues.
• Secondly, IoT devices are typically connected to the ubiquitous network and base station which enables extra availability of virtual data journey at all stages and, moreover, increases the possibility of physical consequences.
• Thirdly, the majority of companies lack the professional team to secure, manage and monitor electronic devices alongside with virtual environments.
• Finally, cyberattacks represent international nature though cybersecurity and its legislative enforcement is predominantly a national matter. In this case, legal security regulations and standards are of top priority but leave much to be desired in many countries.

Poorly secured IoT devices are very attractive to hackers so they frequently experience numerous breaches or attacks, no matter, whether they are connected to consumer home or big corporate networks. Generally speaking, organizations are prone to encounter such types of malicious threats as fraudulent emails, redirecting to counterfeit websites, viral or spy programs, malware, ransomware, denial-of-service attacks, hacking of bank accounts, unauthorized network or computer access, deliberate inner staff spoilage and so on.

IoT Attack Surface Areas

Securing endangered IoT systems and devices requires a clear understanding of where possible cyberthreats may occur. Several years ago the Open Web Application Security Project (OWASP) provided a detailed list of IoT attack surfaces and vulnerabilities which remains actionable and relevant.

Generally speaking, IoT attack surface is the total amount of potential vulnerabilities in IoT hardware, software and network.

• Hardware attack surface areas. The risks are primarily associated with access to endpoint physical devices, for example, laptops, PCs, mobile devices, hard drives, sensors, routers, etc. IoT device parts (memory, physical or web interface, firmware) are equally unsafe from log-in defaults, downgrading or spoilage. 
• Software attack surface areas. Digital vulnerabilities imply the running code deployed in the system, especially sensitive in case of web applications, and even insider threats due to unauthorized access.
• Network attack surface areas. The network infrastructure is vulnerable because of its connectivity to both software and hardware. The network is responsive to remote intrusions through Wi-Fi and LANs so each point of communication channels are prone to DDoS attacks and spoofing.

Like all attacks, IoT threats are unpredictable and can take weeks to be detected. During such a long time period the potential damage can result in months of recovery and enormous losses.

For example, British Airways has been recently imposed a sensational fine of £183 ($228) million for a criminal data breach in 2018 beating the previously existing Facebook record of £500,000 ($624,000). BA failed to sustain the security of their website and mobile app which were compromised in August-September last year. Approximately 500000 customers were redirected to the fraudulent site revealing personal and financial details. Cybercriminals harvested customers’ names, email addresses, travel booking information and bank card details. Inappropriate usage of this data can lead to tremendous consequences so BA warns their clients of possible forthcoming phishing.

Data breaches occur daily across all industries from lifestyle apps to retail stores, from home smart TV to huge oil companies. The article by the Wall Street Journal narrates about the recent ransomware cyberattack that paralyzed the entire processes at Norsk Hydro, the Norwegian aluminum and energy company. The intruders encrypted the files with a severe virus and demanded a ransom.

Though Apple Inc. has the reputation of the most secure electronic designer, software developer and online service provider, it frequently faces cybersecurity issues. 2018 was rich for multiple cyberattacks like iOS passcode bypass vulnerabilities revealed customers’ photos and contacts. Another malicious alert was connected with pairing iPhone devices without the owner’s knowledge and also a malware cryptocurrency miner was detected in the calendar app. All the facts seed the idea that IoT safety is unlikely to get outdated.

How to Secure IoT Devices

Since no one can anticipate a cyberattack, the qualified preparation is on-demand to mitigate IoT security risks on different levels. Here are some essential tips to consider:

• Restrict and monitor any access to IoT devices and services to avoid inside unwarranted intrusions
• Build your IoT system around cloud platforms or separate networks, like in fog/edge computing technologies, or a combination of both
• Implement expert cybersecurity strategy and update it on a timely basis
• Choose a strong resourceful cybersecurity provider and have your own trusted security expert 
• Avoid irresponsible IoT device manufacturers as their primary concern should be in-built security at the physical device development stage with subsequent maintenance (patch/upgrade)
• Before buying look for IoT devices that undergo security certification
• Most breaches occur due to default passwords so be careful to set unique usernames and passwords and change them regularly
• Study and constantly monitor IoT device baseline behavior to detect potential deviations
• Reduce the attack surface by disabling unnecessary automatic processes
• Analyze data circulation and typical network activity such as data source, speed and direction in real-time
• Configure multilayer authentication and encryption for the whole IoT system
• Deploy AI-powered security control for data mapping where possible
• Invest in consumers’ cybersecurity hygiene by increasing their awareness of fraudulent threats

Conclusions

Enhancement in IoT connectivity will increase its deployment but the wide IoT system is, the more persistent and diverse the cyberattacks become. The enterprise may implement all available strategies for security thus they are not able to fully protect from cybercrimes.

Noteworthy, at the end of 2018 EU Council proposed the Regulations on ENISA and the Cybersecurity Act while in March 2019 the U.S. government established the IoT Cybersecurity Improvement Act of 2019 aimed at encouraging the adoption of secure-by-design IoT devices and development practices. In addition, in 2018 the General Data Protection Regulation (GDPR) established that the maximum penalty for a data breach can reach 4 percent of company’s annual turnover in such a way obliging to protect the fundamental human right for privacy.

Evidently, such an international approach to cybersecurity regulations obliges market and private sectors to ensure the highest level of attention to the discussed issues. We perfectly know how IoT devices can help your business work efficiently so feel free to contact us to safeguard your data from all types of cyberthreats.