Internet of Things Is The Next Big Security Risk

The Internet of Things (IoT) has been the target of many recent high profile cyber-attacks, but the full scale of its vulnerability is yet to be seen.

Rick Conklin, vice president of engineering at Dispersive Networks, writing for the Entrepreneur, argues that attacks like that inflicted on Twitter in late 2016, which was caused by a surge of bots on hijacked unsecured IoT devices, are only set to become more commonplace.

According to Juniper Research, whose recently published report titled Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 examined consumer and corporate IoT usage, the number of installed IoT devices for consumers alone will surpass over 15 billion units by 2021.

In another study, this time conducted by HP, it was found that some 70% of IoT devices are currently vulnerable to attack. When considered alongside how many unprotected devices will soon be online and susceptible, Conklin believes that the security risk posed is "beyond anything we've currently seen in the realm of cybersecurity".

However, he notes that much of this insecurity is down to bad security habits rather than sophisticated software or hackers. These include the use of pre-set passwords and default usernames.

Perhaps most significant is the threat posed to the healthcare system. Action Fraud issued a report on 17 February warning of the latest scam, this time coming in the form of a fake tax rebate. This is not the first time the NHS has been attacked.

Earlier in January, an investigation by National Health Executive (NHE) revealed that cyber-attacks on the NHS had more than quadrupled in the past four years.

Nor is it a uniquely British problem, as a report by the European Union Agency for Network and Internet Security (ENISA) last year uncovered an alarming trend across the EU of ransomware targeting MRI machines, CT scanners and even dialysis pumps.

The cyber security agency commented: "The need for improved, and even remote, patient care drives hospitals to transform by adapting smart solutions, ignoring sometimes the emerging security and safety issues. Nothing comes without a price: hospitals are the next target for cyber-attacks."

While these attacks were targeting data, a large-scale attack may put lives in danger if vital machinery is shut down.

Conklin suggests that hospitals "adopt improved security practices such as: password management, policies to ensure all devices are up to date/passwords get changed, network segmentation, software-defined network overlays with security built in and improved data management policies. Vital to ensuring that these practices get used successfully will be administrators that make them part of the hospital's workplace culture."

MisCo:

Internet of Insecure Things:

Internet of Things will drive the Digital Revolution of Industry:

 

« Technology Will Demolish Slow Internet Speeds
Warning Over Russia's Cyber Warfare Methods »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

SECUINFRA

SECUINFRA

Since 2010, SECUINFRA have specialized in detecting, analyzing and defending against cyber attacks.

Trusted Technologies and Solutions (TTS)

Trusted Technologies and Solutions (TTS)

TTS is a security consulting company specialised on business continuity and crisis management, information security management, information risk management and identity and access management.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.