Year after year, seemingly since the induction of the world wide web, new sophisticated and pressing cyber threats have cropped up – from new targets for hackers to new issues appearing overnight in the cyber security space. And like all other years, 2018 will be no different. One area in particular that has gained a lot of attention is in IoT devices. These Internet connected devices have increasingly begun to appear in both the public and private sectors. In an article published by IoT News, an IoT industry magazine, Silobreaker, the London-based security and intelligence firm that builds intelligence technology that makes sense of unstructured data on the web, highlights three pressing cyber threats to IoT devices that enterprises need to be aware of.
Industrial takedowns
When we think of IoT devices, many of us will picture innovative gadgets like Amazon’s Alexa or FitBit wearables and won’t think to imagine all the IoT devices that can be found in the industrial workplace. With experts predicting that by 2020, 25 percent of cyber-attacks will target IoT devices, we can expect many enterprises gearing up their industrial cyber security environment.
Just within the past few years, we’ve seen malware like Mirai, Okiru, and Satori reign terror across industries, posing major risks to manufacturing, where the reduction of a connected device’s processing power can seriously impact safety or disrupt processes. And the trend for infection and covert use of IoT devices to mine cryptocurrencies or conduct DDoS attacks isn’t going to slow down anytime soon. In fact, as technology becomes more sophisticated, the more likely we’ll see malicious malware pop up. It is prevalent that enterprises begin to look for secure cyber security solutions due to the tendency for industrial IoT devices to be both poorly secured and difficult to patch, especially across a distributed environment such as manufacturing.
Finding knowledgeable security professionals
Another area of concern that enterprises need to made aware of is that humans, while vital to the processes, are still the weakest link in the security chain. And as malware and technology advances, hiring and training people who can understand and respond to issues in the threat space is becoming more and more difficult. Unfortunately, demand is rising much faster than supply, with nearly 3.5 million unfilled positions in the cyber security field predicted by 2021.
The lack of filled positions could be attributed to the lack of timeliness in hiring, training and retaining the next generation of cyber security experts. Skills needed to protect ourselves: analyzing information, separating intelligence from noise, and understanding the motivations of threat actors must be cultivated. In other words, gaining valuable skills like these will take time. Silobreaker simple believes that this is not happening fast enough. If skill gaps widen too fast, and too quickly, it won’t matter how much companies are willing to pay to fill these vital positions, as there simply won’t be the necessary knowledge or skill set to do fulfill what needs to be done.
In order to mitigate this issue, Silobreaker suggests enterprises take the initiative to put more effort in the hiring processes as well as routinely hold up-to-date training programs to help cyber security experts.
Omnipresent threat of data security
And of course, the omnipresent concern of theft and manipulation of personal information from IoT devices will persist throughout 2018. As we introduce more connected devices into our lives, we need to get use to the idea that our personal information has the potential to be accessed by unauthorized persons and that it is at risk now more than ever.
While some willing sacrifice security for the sake of convenience, many IoT users are unaware of the amount of sensitive information the device could potentially hold. For example, researchers discovered that when equipped with malware, Amazon’s Echo devices – which are equipped with the company’s virtual assistant, Alexa – are able to stream audio to a remote server. Or when a Bluetooth vulnerability rendered Echo, Google Home and billions of other devices vulnerable to hijacking.
When it is this easy to hack IoT devices, identity theft and the resale of shopping habits are all extremely possible and are realities that consumers must start facing. The data gathered by these devices can also enable crime in the physical world. If a user regularly uses their smart assistant via an IoT connected device to place their weekly groceries, any irregularities in your shopping habits may signal to any hackers and cyber thieves who are listening while incognito will more than likely guess that there is nobody at home to order groceries.
And this is just one potential method by which our personal information and/or private actions could be used against us. Mitigating data theft from devices like the Echo is both a manufacturer issue as much as it is a consumer one. The more these devices are sold and used, the more attractive targeting them becomes for criminals. At the same time, the longer hesitant consumers wait before purchasing, the more tried, tested and secure this technology becomes. One action that users can take to reduce the risk of security ‘oversights’ is to purchase devices from quality and trusted vendors. Fundamentally, it also comes back to the very personal question of convenience versus security; to what extent are the risks worth the rewards?