Internet of Things: Cyber Security Threats In 2020

The future of Internet of Things (IoT) is has arrived.  IoT applications have been widely adopted in many fields of industry, including  healthcare, energy and industrial automation. While enjoying the convenience and efficiency that IoT brings to us, new threats from IoT also have emerged.

 IoT devices are meant to work in concert for people at home, in industry, or in the enterprise, however they also allow criminal hackers easy ways into your computer systems.

IoT devices are designed to connect wirelessly to any network and can both recieve and transmit data. These devices can communicate and interact over the Internet, they can be remotely monitored and controlled and they can also be attacked.

IoT Spend
And as IoT spending will probably reach $745 billion in 2019 and surpass the $1 trillion mark in 2022. That’s a 15 percent increase over 2018’s $646 billion. And according to some estimates, the US and China will be spending the most at $194 billion and $182 billion, respectively. They are followed by Japan, Germany, Korea, France, and the UK.  

Cyber Burglars
And so just as a current burglar looks increase in potential targets for the same weak point in a home as criminal burglars did a hundred years ago, such as an unlocked backdoor, open window, hackers have the same mindset to note an increase in potential targets and then to identify a weakness in the system, exploit, rinse and repeat. 

Until very recently this meant a limited number of vulnerable points of access, computers were protected by anti-virus software, and modems had complex inbuilt security measures. But as technology has advanced, and additional connected devices are being added, the “attack surface” has continued to expand. 

Smart home devices offer more access points than ever before, wireless lights, thermostats, home security sensors, intelligent streetlights, smart meters and many more. These millions of sensors and devices present a great opportunity for hackers and a great vulnerability to everyonel.

The Internet of Things allows us to carry out activities far easier and faster than ever before. But as the landscape develops, we must ensure that it does not present bad actors with a backdoor into our lives. 

Privacy and Security is a Serious Problem
Devices are collecting ever-increasing amounts of information. This might be as basic as the IP addresses our IoT devices communicate with to the state of our health. With the advent of 5G, even more data will be collected, stored and shared across devices and platforms. Without proper security measures in place, every piece of data we generate, whether intentionally or passively, will be open for identify theft, financial gain, and potentially even damaging to our health. 

Merging Physical and Cyber Security 
We are beginning to see technologies physical and cyber becoming entwine. By merging physical and cyber, with bi-directional feedback between the domains we’re able to gain greater insights into behavior patterns, which allow us to continually innovate products and provide better endpoint security. There are practical use-cases that prove the benefit of combing the physical and cyber on one platform. For example, when abnormal behavior or an attempted intrusion is detected on the network, a monitored alarm system can automatically arm itself in expectation of a potential burglary. Now,if an attempt is made to access the home network onsite during a time that the IoT/alarm system does not expect someone to be at home then an alarm can be raised. The same monitoring center that monitors burglary alerts can learn to deal with cyber alerts, but you must ensure that this happens.

IT Professionals have New Concerns
The more devices become ubiquitous within organisations, the higher the risk. Securing IoT networks from attack is essential but is full of significant challenges. Many modern IoT devices lack the power and sophistication required to support traditional security measures. 

The strongest IoT network is only as strong as its weakest link. A single point of failure can enable multiple points of attack.  IoT Threat can be classified into 4 types:

  • Denial of Service (DoS) – This threat denies or prevents user’s resource on a network by introducing useless or unwanted traffic
  •  Malware – Attackers use executable code to disrupt devices on the IoT network. They may gather sensitive information, or gain unauthorized access to the devices. The attacker can take advantage of flaws in the firmware running on the devices and run their software to disrupt the IoT architecture.
  • Data breaches – This is a security incident where sensitive, protected or confidential data is retrieved from the network. Attackers can spoof ARP packets to listen on the communication between peers on the network.
  •  Weakening Perimeters – IoT network devices are currently not designed considering the pervasive security. Network security mechanisms are not often present in the devices making the network a vulnerable one for threats 

Shortage of Cyber Experts Continues
Most cyber security ecosystems are developing a variety of cyber solutions by collecting vast amounts of information from the network and endpoint devices in order to detect untrustworthy malicious activity in the IoT network. Even with AI as part of the decision-making process, a human eye is still needed but, the shortage of cyber training resulting in fewer experts is increasing.

This drives most IoT service providers to give up, creating the need for a SOC-less solution. 2020 will see the rise of alternative security solutions, such as our SigmaDots technology, dramatically decreasing the need for a SOC service by enabling a self-protected ability to block most of the attack methods and vulnerabilities that hackers are using to attack IoT networks.

With technology permeating into more and more aspects of our lives, we must begin thinking about securing our smart devices with the same (or even more) seriousness as we do leaving our front doors unlocked, or our wallets unattended. 
 

Techradar:         ZScaler:         Arvix 1:         Arvix 2


You mIght Also Read:

Easy Cyber Knowldege Ch.4 The Internet of Things (£):

Manufacturing And The Industrial IoT:

« Australian Parliament Hacked
British Elections: The Parties Manifestos On Cyber »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Seadot Cybersecurity

Seadot Cybersecurity

Seadot offer cybersecurity services to organizations with a high demand for regulatory compliance and security.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.