Read Time: 5 Minutes
For a long time the Internet of Things (IoT) was not a business security topic at all. Business networks were constantly attacked in traditional ways and the attacks included mobile devices brought by employees (BYOD) as time progessed. At this point in time no experts can definitely say what implications the IoT will have, because we are pretty much at the beginning of the developments. A study done by Gartner implies that there will be 4.9 billion devices connected to each other by the end of 2015. This number will supposedly grow to 25 billion by 2020. And there are already a lot of business ideas to earn money with this new technological development. This leads to very heterogenous architectures that generate new threats.
What is the Internet of Things?
The Internet of Things (IoT) will be the bridge between the real and the virtual world by implementing devices that simplify and automate life itself. Main goal is to embed different devices in such a way that they are fully implemented and exist as silent support for all parts of daily life. In the long term all devices in the IoT should be self-sustainable and exchange information in a way that leaves very little need for support by human beings. Even today so called Wearables (devices like smart watches and wristbands) communicate with networks to process health information and positional data.
Because the devices on the IoT are so closely connected and embedded in human life, it is mandatory that security remains a top priority to ensure that personal data is not accessible to unauthorized people (using RFID chips for example). All of this will be achieved by a standardization of all architectures that are part of the IoT and should lead to an integration of every device with a microcontroller into the Internet of Things.
Vulnerable systems are on the rise
It is impossible to see the complete potential for threats that may evolve from more IoT devices, because no one can pinpoint the scope of threats and developers of devices for the Internet of Things do not primarily concern themselves with security. It is however mandatory to develop security solutions for heterogenous system architectures. It is already time to evaluate the manyfold risks and find solutions where possible. The problems that developers of such solutions face are: what kinds of devices will be used in what form and in which architecture and using which operating system? Closed structures like Apple’s iOS are – at least at first sight – the most secure for this.
Not only developers of operating systems and architectures, developers of applications for the Internet of Things, but also cybercriminals have started defining their goals. As mentioned before hackers and developers of cyberattacks are constantly on the hunt for the easiest targets and the IoT gives them a wide variety of new devices as targets. This is why security providers have started with their own research to be able to deliver and guarantee protection in the future.
Results are completely unclear
To achieve the most secure Internet of Things possible from the get-go there are quite a lot of factors that need to be kept in mind. Especially because no one knows what security breaches cybercriminals may find, basic principles on how devices communicate with each other need to be established. While no one would think of securing a refridgerator or thermostat, they can still be threats to the overall network if they are connected to other – possibly more important – devices.
There are countless examples that show that even seemingly unimportant nodes in a network can lead to security breaches. An example from the beginning of the Internet illustrates this well: While the NASA mainframe was protected well and only administrators were able to access sensible data, there were library nodes that were connected to the NASA mainframe. The library computers were publicly accessible without certified accounts. This helped clever hackers find a security hole: They used the library computers to log on as administrators for the local machines (the installed UNIX operating system still had the predefined passwords for administrator privileges). The mainframe inherited the user privileges from the remote library computers and suddenly the hackers gained administrative privileges on the mainframe.
Hacker Gary McKinnon used a very similar approch in 2001 and 2002. And those examples illustrate clearly: Each and every device needs to be protected to not become a possible entrypoint for security breaches.
What can be done?
Nowadays a SmartTV is used to deliver presentations in more and more companies worldwide, employees have their own tablets and smartphones. And the sheer amount of devices will only increase and not decrease as the aforementioned study by Gartner cleary shows. This makes it mandatory for every business to work with security providers that keep their fingers on the pulse of developments and research the implications the intelligent devices will bring. Additionally businesses need to decide for each device whether or not they absolutely must be part of the internal WiFi or can be put in a DMZ. IT professionals need to be on the lookout for developments and updates – be it for the network or for their own knowledge.
If you want to stay informed about the developments and how the Internet of Things changes our planet, subscribe to our newsletter. This guarantees you you never miss developments in this important area.