CBR looks at what the industry experts think 2015 has in store for the Internet of Things and security.
The Internet of Things continues to build momentum, with connected devices ranging from fridges, light bulbs and TV’s. The question is, what happens to the data these connected devices create? What do we need to do to secure these networks?
CBR looks at what the industry experts have to say on IoT and security, giving an indication on how the IoT landscape will look in 2015.
1. Nothing to worry about Vs Internet of Vulnerabilities
Security solutions provider WatchGuard assures the industry that the Internet of Things will not bring a rise of machines. The company stated: "Embedded computing devices (IoT or IoE) are everywhere and have security flaws. But today’s cyber criminals typically don’t just hack for the heck of it; they need motive. There’s not much value to having control of your watch or TV at this point, so we won’t see hackers targeting them directly, for now."
Michael Fimin, CEO at Netwrix, agrees, saying that IoT attacks will not become widespread in 2015. "While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015."
"Most attacks are likely to be ‘whitehat’ hacks to report vulnerabilities and proof of concept exploits."
For Dave Larson, CTO at Corero Network Security, the IoT brings to mind ‘to images of a zombie apocalypse’. He said: "These faceless devices are systematically making their way into our businesses and everyday personal lives."
"With this infiltration, comes the realisation that while we are enhancing our ability to interact with our increasingly electronic world we are also broadening the cyber threat landscape in leaps and bounds."
Jamie Longmuir, Regional Director at SafeNet, agrees that the Iot, and its threats, are here to stay in 2015. "Unlike other hype cycles, the Internet of Things, pretty much any consumer device capable of connecting to the Internet, and all its related security issues, is here to stay."
"Although there are a lot of conversations about baking security into consumer devices, these devices are all essentially vulnerable and we will see more conversations about how to build secure, authenticated, encrypted connectivity into all of our devices."
2. Attacks will focus on businesses, not consumers
Businesses will be the focus, not consumer products such as fridges. Carl Leonard, Principal Security Analyst, Websense commented: "…the real threat from IoT will likely occur in a business environment over consumer. Every new internet-connected device in a business environment further increases a business attack surface."
"These connected devices use new protocols, present new ways to hide malicious activity and generate more noise that must be accurately filtered to identify true threats. Attacks are likely to attempt to use control of a simple connected device to move laterally within an organisation to steal valuable data."
"In the coming year, manufacturing and industrial environments, in particular, are likely to see an increase in attack volume."
3. Rise of the botnet army
Corero Network Security’s Dave Larson issues a stark warning against devices and possible DDoS attacks in 2015: "In the case of DDoS attacks, the reality is that any device, infrastructure, application etc., that is connected to the Internet is at risk for attack, or even more worrisome, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims.
"This raises a lot of concerns and rightfully so, that this new type of attack surface could become wildly out of control in short order. Unless Internet service providers take intentional measures to deal with this class of attack, it is almost unthinkable to consider the scale and destruction that could be perpetrated by exploiting even a small fraction of the anticipated billions of IoT devices that will be deployed in the coming years."
"The IoT may very well be breeding its own army of botnets – buyers beware."