More connected devices mean more attack surfaces and greater risks and more possibilities for hackers.
According to market watcher Gartner, there will be nearly 26 billion devices on the Internet of Things by 2020. It is also predicted that over 25 percent of identified attacks in enterprises will involve IoT.
More and more organisations are jumping into the world of Internet of Things, making use of and creating various connected devices for everything from autonomous vehicles to sensors on machine plant and machine to machine monitoring across smart city transport, telecom and energy systems. However, many of these businesses remain unaware of the potential privacy and security risks that arise from IoT devices.
The endless variety of IoT applications poses an equally wide variety of security challenges. The advice is that security should be implemented from the operating system level.
A statement from WindRiver, which supplies embedded software for intelligent connected systems said: “The same intelligence that enables devices to perform their tasks, must also enable them to recognise and counteract threats.”
Some embedded devices have been targeted and compromised over the last 15 years, since before the rise of IoT. However, what has been specifically identified from the manufacturing of the various devices is that either little thought is given to security and for the few that have- the security remains in-effective.
The continuous hype surrounding Internet of Things highlights that it is something that is and will continue to be an integral part of business and society, the worrying factor is that many businesses are failing to adapt their cyber strategies.
This leads to the recent news of the European Commission’s plan to set up rules to force businesses to apply to secure IoT.
The issue is in part based on the belief that connected devices should be protected through the network or may not even need to be secured.
In an interview with CBR, Roland Dobbins, Principal engineer at Arbor Networks said: “Embedded devices are somewhat abandoned as we do not interact with them all the time, but there needs to be the same security implemented as you would on a smartphone.”
Also, the lack of awareness of the need for network security alone exposes the device, sensor or embedded system to risk in itself. As IoT evolves, organisations will need to bolster network security and recognise its importance.
Ross Brewer, VP and MD EMEA at LogRhythm said: “A ‘smart’ kettle in the office kitchen may sound harmless, but if it’s connected to the network then it could quite easily become a target for hackers attempting to gain access to corporate information.”
Therefore, security intelligence is needed. While systems such as firewalls and anti-virus software are important, today’s threat landscape combined with the challenge of managing the growing number of data means it is increasingly important that businesses have tools in place that reduce the time it takes to detect and respond to threats.
In a statement Cisco advised: “Security executives should proceed by building a more integrated and scalable enterprise-class network security architecture in the short term. It’s not enough to just add more security components to the network; it will be essential to truly converge the various components so that they work together.”