What is the Internet of Things?
The Internet of Things (IoT) isn’t a new concept. It was first used in a presentation by Kevin Ashton at MIT in 1999 but took another ten years to become a reality. Technology enhancements like RFID tags, broadband internet, cellular and wireless networking needed to evolve for that to happen. In addition, the cost of adding sensors and an internet connection must drop.
Today, the concept of IoT is omnipresent, considering there are more IoT-connected devices than humans. And the number keeps growing thanks in great measure to 5G technology.
How Large is the IoT?
Numbers vary depending on the resource you trust, but Juniper Research pegs it at 46 billion in 2021. IDC predicts 41.6 billion IoT devices connected by 2025, while Martech Advisor estimates that number will jump to 125 by 2030. By then, every user will own 15 connected devices. In 2020, the average number of connected devices per household was 10.
In short, the Internet of Things surrounds us from the moment we awaken until we go to bed. By definition, IoT refers to these billions of devices with one thing in common – they each connect to the internet and communicate within a network independently of human interaction. But, equally important, they each collect and share data.
The types of devices are endless:
- smartwatch
- fitness bands
- webcams
- printers
- doorbells
- thermostats
- jet engines
- toys
- driverless cars
- light bulbs
Again, if you can connect the device to the internet to collect and share data, you’re working with an IoT device.
The Benefits of IoT
The Internet of Things benefits industries and consumers alike.
The Industrial Internet of Things (IIoT) refers to IoT technology in a business environment. Its primary purpose is to measure and optimize industrial processes through improved data, analytics, and artificial intelligence.
IoT delivers greater agility and efficiency by providing companies with more information about their products and internal systems. As a result, numerous industries, including retail, manufacturing, healthcare, transportation, and energy, actively use IoT to understand better consumer needs in real-time to elicit a faster response. At the same time, companies use the technology to improve machine and system quality, streamline operations, and discover new ways to operate under the umbrella of digital transformation.
For example, a manufacturer can detect when a component may fail and change it before it creates an issue. In addition, that same manufacturer can increase data accuracy to improve supply chain efficiencies allowing for just-in-time delivery. A healthcare provider, for instance, can use the Internet of Medical Things (IoMT) to improve diagnoses and treatment plans with wearables that monitor exercise, sleep, and other health habits.
For consumers, the IoT offers greater convenience. IoT devices, for example, make it easier to monitor your home’s security, play music, stock your refrigerator, save energy, and much more.
Security Presents an Ongoing Concern with IoT
Despite the pluses associated with IoT, one major drawback is security. Remember, their connectivity to the internet makes these devices vulnerable. For that matter, devices using Bluetooth connectivity also count as IoT devices.
The state of affairs with IoT security is so poor that President Biden’s executive order on cybersecurity issued May 12 seeks to accelerate the process of IoT security. It calls for the National Institute of Standards on Technology (NIST) to pilot programs to educate the public on IoT devices. The order also seeks to identify IoT cybersecurity criteria for consumer labeling to support consumer understanding.
Too many IoT devices, for example, lack essential security functions like encryption. In addition, software flaws expose devices to hackers. Unfortunately, many devices lack patching capabilities making them permanently at risk. It’s little wonder hackers now routinely target IoT devices.
These risks apply to consumer devices and business devices. Connecting industrial machinery to IoT networks elevates the potential risk of hackers gaining access to critical infrastructure. It’s incumbent on businesses to isolate and protect networks with data encryption and other security measures. Unfortunately, many organizations fail to plan their IoT security accordingly. That, coupled with the inherent security weaknesses of IoT devices themselves, creates an open environment for hackers.
Security Challenges Associated with IoT Devices
The more ways devices connect, the greater the chances a threat actor can breach them. HTTP and APIs, for example, provide immediate channels for cybercriminals to attack. In essence, IoT devices represent low-hanging fruit for hackers.
According to a Palo Alto Networks report, 57% of IoT devices are vulnerable to medium- or high-severity attacks. Additionally, Nokia presented that in 2020, 32.75% of all detected infections in mobile networks stemmed from IoT devices.
Other security issues associated with IoT devices include:
Remote Exposure
Owing to their internet-supported connectivity, IoT devices present a large attack surface. The larger surface area relates to the increased number of endpoints associated with the devices. Not surprisingly, the more services a device offers over the internet, the more services open to attack.
Securing IoT devices requires real-time authentication and authorization, making the endeavor more complex. In addition, compromising these devices requires little sophistication from a hacker.
Improper Planning
The proliferation of IoT devices places greater reliance on the technology based on inherently less secure devices. In addition, many companies fail to plan and budget for the additional security required.
Device Vulnerabilities
Some IoT devices lack the computing power for built-in security like anti-virus software, firewalls, and end-to-end encryption. Limited budgets for developing and testing secure firmware exacerbate the issue. In addition, most IoT applications use little data to reduce costs and extend battery life. But that makes them difficult to update Over-the-Air (OTA). For example, cars using a wireless FOB that relies on Bluetooth are susceptible to attack. Threat actors scan and replicate the FOB’s interface, enabling them to steal the associated vehicle.
Outdated Software
Device manufacturers must ship devices without known vulnerabilities. At the same time, they need to include updated functionality to allow for patching of vulnerabilities identified during use. For that matter, it’s incumbent on device manufacturers to incorporate best practices to avoid vulnerabilities.
Because many IoT devices lack the regular software security updates of a computer, they’re open to malware attacks. IoT botnet malware is a frequently encountered variant. Botnets refer to a network of infected devices often used for DDoS attacks.
Lack of Standards
Device manufacturers lack universal IoT standards for security, making it somewhat of a free-for-all. So, companies develop their own protocols and guidelines. That makes securing IoT devices more complex and opens the door for weak passwords, hardware issues, old and unpatched operating systems, and insecure data transfer. As mentioned, some devices even lack a patching mechanism altogether.
Encryption
Often devices lack encryption and store API tokens or credentials in plain text. In fact, in the Palo Alto report mentioned earlier, 98% of all IoT traffic is unencrypted. Unfortunately, basic text communication exposes the data to a Man-in-the-Middle (MitM) attack. As a result, any cybercriminal can more readily infiltrate the network path between a device and endpoint and steal data.
Insufficient device authorization and authentication also plague IoT devices commonly. As a matter of fact, many devices have no authentication. That opens a gateway to an entire network or assimilation into a botnet.
Device Mismanagement
Device users lack the knowledge and capability to implement proper security measures, noted by President Biden’s executive order. Moreover, the issue magnifies due to the increased work-from-home arrangements.
What Can You Do to Secure IoT Devices?
Despite all the security flaws and issues, it’s possible to make your IoT devices more secure and reduce your risks. Here are some solutions to consider:
- Eliminate device default passwords in favor of more secure, stronger passwords and usernames. You might also want to eliminate default features you won’t use.
- Deploy multi-factor authentication. MFA provides another layer of security in the event a password fails.
- Keep software current with patches.
- Use a VPN for encryption for additional layers of security.
- Secure your internet connection starting with the router. Left unsecured, it’s a simple pathway for an attack. Replace default settings with secure alternatives and set the highest level of encryption possible, preferably WPA2 encryption.
- Establish a monitoring system to track device health and alert administrators for unusual events.
- Segment your network into multiple sub-networks. Doing so allows you to focus on the most critical data concerns while limiting your network exposure.
- Make your security measures scalable. The number of IoT devices connecting to your network will likely grow. It’s essential to have a solution that lets you scale as your IoT devices proliferate
Need Some IT Support to Make Your IoT More Secure?
If you’re a small to medium-sized business, taking on all the security concerns relating to IoT devices is daunting. The sizeable number of devices and associated endpoints alone makes the task difficult.
Talk to us. Our IT solutions focus on the needs of SMBs in the Central PA area covering Harrisburg, York, Lancaster, Lebanon, and surrounding areas. In addition, we have cybersecurity services that can lock down your IoT security.
Give us a call and ask us about a FREE vulnerability scan that will document your points of attack.
