There is a lot of buzz around the Internet of Things (IOT). Huge technological advances have been made in the IOT and there are set to be huge leaps and bounds in the next 5-10 years. These advancements however, come with a darker side as the connected devices are creating millions of cyber security weak spots.
Hackers can build huge systems of devices to barrage websites with traffic, rendering all your devices; the digital video recorder in your living room, the default passwords on your phone and consoles and the security camera at the office; a security risk.
Earlier this month there was a substantial cyber-attack on Dyn, a domain name service provider, that interrupted access to high profile sites such as Twitter and Spotify. Tens of millions of devices were breached by unidentified hackers using malicious software name Mirai.
The excitement that we can use our phones to control our heating in our homes or to detect intruders using cameras, has meant that developers have become complacent about security with some manufacturers having little knowledge of cyber-security. With clear rules and regulations not in place, millions of consumers have been left vulnerable.
Michael Sutton, chief information security officer of Zscaler, a cloud security company, says the attack on Dyn, would be a “wake-up call” for the hardware industry.
“Security in the hardware industry is a decade behind where it is in the software industry,” he says. “Mirai was successful because so many webcams, digital video recorders, etc have been produced with default passwords that have never been changed. A simple internet scan identifies them and they can quickly be compromised.”
The research firm Gartner forecasts huge things for the future with more than 20 billion connected devices globally by 2020 and consumers spending a huge $1.5tn on the IOT. The research firm predicts that more than 25% of attacks on companies will involve connected devices by 2020, but only 10% of company’s budgets will go towards protecting themselves against these types of attack.
Shuman Ghosemajumder, chief technology officer at Shape Security, agrees it is tough for regulators to “solve the problem” as security challenges are constantly changing when hackers develop new techniques. But he says they should be responsible for setting “minimum expectations and norms”.
“The industry as a whole needs to do a better job. There’s no question that the growth of the ‘Internet of Things’ has been fuelled by the excitement around the internet connection enabling new functionality and security has taken a back seat,” he says.
However, potential targets such as Dyn, a service that many major businesses rely on to provide access to their sites, also must become more knowledgeable about security and how to better protect themselves against cyber-attacks.