Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

The Internet of Things: A Force Multiplier for Cyber-Risk

Unprotected IoT devices represent a grave threat. Here's how you can make sure your company is not at risk.
By Tom Maher
Sep 17, 2018

For a long time, the security community has warned about the risks associated with the Internet of Things (IoT). The surprise, as these risks materialize into growing costs and losses, is that it is a surprise. The Mirai Botnet attacks in 2016 represented a global wake-up call, highlighting the reality of insecure Internet-connected hosts and forcing us to re-examine our assumptions about IoT security. This article will provide a practical starting point for business to address growing IoT security risks.

Externalities: Not My Problem!
Cybersecurity challenges relating to the IoT can be explained by economic externalities—or, in simple words, "not my problem." In the case of the Mirai Botnet attacks, the vendors of IoT devices, gateways and routers suffered no adverse consequences when their equipment was exploited, and the owners of the equipment were unaware of their participation in the resulting massive cyber-attacks.

The FBI has attempted to translate awareness into action, with their recent advisories to regularly reboot home routers. As a counter-measure, the Hide 'N' Seek botnet can survive device reboots, making it immune to the FBI's advisory action. Action does, however, need to be taken. Rather than regularly rebooting those devices, maybe it is time for replacement or decommissioning. How many insecure devices serve a forgotten purpose? The fundamental truth remains: many of these devices should not be directly connected to the public Internet.

The Internet of Things: A Force Multiplier for Cyber-Risk
The growth of our modern economies is substantially underpinned by digitization—which, in turn, is underpinned by the expansion of systems vulnerable to cyber-risks. The IoT represents a force-multiplier in digitization—and that's why it's a big deal. For that very reason, it also represents a force- multiplier in cyber-risk.

Bugs lead to vulnerabilities, which lead to exploits, since these bugs are in the libraries and operating systems that are both commonly used and mature. So, here are some simple questions to ponder: For any given IoT device, gateway or router, what's the probability that it has a bug? What's the probability some of these bugs represent vulnerabilities? What's the probability that these vulnerabilities are exploitable, now or in the future?

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations