Internet of Things Is The Next Big Security Risk

The Internet of Things (IoT) has been the target of many recent high profile cyber-attacks, but the full scale of its vulnerability is yet to be seen.

Rick Conklin, vice president of engineering at Dispersive Networks, writing for the Entrepreneur, argues that attacks like that inflicted on Twitter in late 2016, which was caused by a surge of bots on hijacked unsecured IoT devices, are only set to become more commonplace.

According to Juniper Research, whose recently published report titled Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 examined consumer and corporate IoT usage, the number of installed IoT devices for consumers alone will surpass over 15 billion units by 2021.

In another study, this time conducted by HP, it was found that some 70% of IoT devices are currently vulnerable to attack. When considered alongside how many unprotected devices will soon be online and susceptible, Conklin believes that the security risk posed is "beyond anything we've currently seen in the realm of cybersecurity".

However, he notes that much of this insecurity is down to bad security habits rather than sophisticated software or hackers. These include the use of pre-set passwords and default usernames.

Perhaps most significant is the threat posed to the healthcare system. Action Fraud issued a report on 17 February warning of the latest scam, this time coming in the form of a fake tax rebate. This is not the first time the NHS has been attacked.

Earlier in January, an investigation by National Health Executive (NHE) revealed that cyber-attacks on the NHS had more than quadrupled in the past four years.

Nor is it a uniquely British problem, as a report by the European Union Agency for Network and Internet Security (ENISA) last year uncovered an alarming trend across the EU of ransomware targeting MRI machines, CT scanners and even dialysis pumps.

The cyber security agency commented: "The need for improved, and even remote, patient care drives hospitals to transform by adapting smart solutions, ignoring sometimes the emerging security and safety issues. Nothing comes without a price: hospitals are the next target for cyber-attacks."

While these attacks were targeting data, a large-scale attack may put lives in danger if vital machinery is shut down.

Conklin suggests that hospitals "adopt improved security practices such as: password management, policies to ensure all devices are up to date/passwords get changed, network segmentation, software-defined network overlays with security built in and improved data management policies. Vital to ensuring that these practices get used successfully will be administrators that make them part of the hospital's workplace culture."

MisCo:

Internet of Insecure Things:

Internet of Things will drive the Digital Revolution of Industry:

 

« Technology Will Demolish Slow Internet Speeds
Warning Over Russia's Cyber Warfare Methods »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

Buglab

Buglab

The Buglab contest and Vigilante Protocol help companies all over the world to discover and fix vulnerabilities on their digital solutions or assets.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.