Internet of Things: Cyber Security Threats In 2020

The future of Internet of Things (IoT) is has arrived.  IoT applications have been widely adopted in many fields of industry, including  healthcare, energy and industrial automation. While enjoying the convenience and efficiency that IoT brings to us, new threats from IoT also have emerged.

 IoT devices are meant to work in concert for people at home, in industry, or in the enterprise, however they also allow criminal hackers easy ways into your computer systems.

IoT devices are designed to connect wirelessly to any network and can both recieve and transmit data. These devices can communicate and interact over the Internet, they can be remotely monitored and controlled and they can also be attacked.

IoT Spend
And as IoT spending will probably reach $745 billion in 2019 and surpass the $1 trillion mark in 2022. That’s a 15 percent increase over 2018’s $646 billion. And according to some estimates, the US and China will be spending the most at $194 billion and $182 billion, respectively. They are followed by Japan, Germany, Korea, France, and the UK.  

Cyber Burglars
And so just as a current burglar looks increase in potential targets for the same weak point in a home as criminal burglars did a hundred years ago, such as an unlocked backdoor, open window, hackers have the same mindset to note an increase in potential targets and then to identify a weakness in the system, exploit, rinse and repeat. 

Until very recently this meant a limited number of vulnerable points of access, computers were protected by anti-virus software, and modems had complex inbuilt security measures. But as technology has advanced, and additional connected devices are being added, the “attack surface” has continued to expand. 

Smart home devices offer more access points than ever before, wireless lights, thermostats, home security sensors, intelligent streetlights, smart meters and many more. These millions of sensors and devices present a great opportunity for hackers and a great vulnerability to everyonel.

The Internet of Things allows us to carry out activities far easier and faster than ever before. But as the landscape develops, we must ensure that it does not present bad actors with a backdoor into our lives. 

Privacy and Security is a Serious Problem
Devices are collecting ever-increasing amounts of information. This might be as basic as the IP addresses our IoT devices communicate with to the state of our health. With the advent of 5G, even more data will be collected, stored and shared across devices and platforms. Without proper security measures in place, every piece of data we generate, whether intentionally or passively, will be open for identify theft, financial gain, and potentially even damaging to our health. 

Merging Physical and Cyber Security 
We are beginning to see technologies physical and cyber becoming entwine. By merging physical and cyber, with bi-directional feedback between the domains we’re able to gain greater insights into behavior patterns, which allow us to continually innovate products and provide better endpoint security. There are practical use-cases that prove the benefit of combing the physical and cyber on one platform. For example, when abnormal behavior or an attempted intrusion is detected on the network, a monitored alarm system can automatically arm itself in expectation of a potential burglary. Now,if an attempt is made to access the home network onsite during a time that the IoT/alarm system does not expect someone to be at home then an alarm can be raised. The same monitoring center that monitors burglary alerts can learn to deal with cyber alerts, but you must ensure that this happens.

IT Professionals have New Concerns
The more devices become ubiquitous within organisations, the higher the risk. Securing IoT networks from attack is essential but is full of significant challenges. Many modern IoT devices lack the power and sophistication required to support traditional security measures. 

The strongest IoT network is only as strong as its weakest link. A single point of failure can enable multiple points of attack.  IoT Threat can be classified into 4 types:

  • Denial of Service (DoS) – This threat denies or prevents user’s resource on a network by introducing useless or unwanted traffic
  •  Malware – Attackers use executable code to disrupt devices on the IoT network. They may gather sensitive information, or gain unauthorized access to the devices. The attacker can take advantage of flaws in the firmware running on the devices and run their software to disrupt the IoT architecture.
  • Data breaches – This is a security incident where sensitive, protected or confidential data is retrieved from the network. Attackers can spoof ARP packets to listen on the communication between peers on the network.
  •  Weakening Perimeters – IoT network devices are currently not designed considering the pervasive security. Network security mechanisms are not often present in the devices making the network a vulnerable one for threats 

Shortage of Cyber Experts Continues
Most cyber security ecosystems are developing a variety of cyber solutions by collecting vast amounts of information from the network and endpoint devices in order to detect untrustworthy malicious activity in the IoT network. Even with AI as part of the decision-making process, a human eye is still needed but, the shortage of cyber training resulting in fewer experts is increasing.

This drives most IoT service providers to give up, creating the need for a SOC-less solution. 2020 will see the rise of alternative security solutions, such as our SigmaDots technology, dramatically decreasing the need for a SOC service by enabling a self-protected ability to block most of the attack methods and vulnerabilities that hackers are using to attack IoT networks.

With technology permeating into more and more aspects of our lives, we must begin thinking about securing our smart devices with the same (or even more) seriousness as we do leaving our front doors unlocked, or our wallets unattended. 
 

Techradar:         ZScaler:         Arvix 1:         Arvix 2


You mIght Also Read:

Easy Cyber Knowldege Ch.4 The Internet of Things (£):

Manufacturing And The Industrial IoT:

« Australian Parliament Hacked
British Elections: The Parties Manifestos On Cyber »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Archer Technologies

Archer Technologies

Archer helps organizations manage risk in the digital era—uniting stakeholders, integrating technologies and transforming risk into reward.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.