IoT Moving Into 2020

/in , /by

 

The term “Internet of Things” was coined in 1999, gaining significant traction in 2011 after a report by Gartner added it to a list of emerging technologies. As more companies worked on advancing and creating new applications for IoT, the technologies involved gained ongoing global coverage. In its inception people often referred to the IoT as “embedded internet” due to its increasingly pervasive nature and presence in many aspects of our lives. Of course with any emerging technology there are associated risks, and these threats will grow and evolve as the technology does. In this article we will look into these risks, where IoT is moving, and the ways in which organizations are mounting defenses for their networks.

 

IoT is an umbrella term to include all devices with IP addresses connected to the internet. There are presently five types of IoT applications.

These include:

  • Consumer IoT–e.g. Light fixtures, connected thermostats and alarms, and systems such as Nest

  • Commercial IoT–these applications include healthcare and transport, connected pacemakers and other medical implants or wearables, and vehicle to vehicle communication

  • Industrial IoT–including network connected control systems, smart agriculture, and big data

  • Infrastructure IoT–this aspect of the IoT deals with network connectivity of smart city applications such as surveillance cameras, facial recognition, and traffic analysis devices

  • Military IoT–including application of IoT technologies in the military and police, to include network connected robotics and wearable biometrics for police and infantry

 

The technology underpinning the IoT allows users and systems to connect seamlessly to a wide array of networks and expands connectivity between physical and digital systems. With organizations and governments prioritizing this move into the cloud, the technology and protective measures must race to keep up with demand.

The number of IoT devices worldwide have been growing at a rapid pace from the late teens:

  • 2018–7 billion IoT devices

  • 2019–the number of devices more than triples to over 26 billion

  • 127 Devices are connected to the web every second

  • By 2025–more than 75 billion devices are expected to be connected

 

In the year 2020 it is predicted that 93 percent of enterprises will adopt IoT technology, 90 percent of cars will be web connected using IoT technology, and 3.5 billion cellular IoT connections will be installed.

 

According to the 2018 Open Web Application Security Project (OWASP), the most significant vulnerabilities for IoT technology include:

 

  1. Weak, guessable, or hardcoded passwords—such as short, simple, and publicly available passwords.

  2. Insecure or unneeded network services—which are installed on the device and may expose data such as sensitive and financial information to theft and eavesdropping.

  3. Insecure ecosystem interfaces—external interfaces that connect to the device. The connection may compromise the device and its components.

  4. Lack of secure update mechanism—such as un-encrypted data moving from outward sources towards the device, and poor security monitoring.

  5. Use of insecure or outdated components—such as open-source and third-party components that weren’t scanned for vulnerabilities.

  6. Insufficient privacy protection—failure to protect private information that is stored on the device and connected ecosystems.

  7. Insecure data transfer and storage—such as the lack of access control and encryption during the movement of data.

  8. Lack of device management—on devices deployed in production; results in poor security support.

  9. Insecure default settings—the inability to fix insecure settings creates exploits in devices and systems.

  10. Lack of physical hardening—creates a larger attack surface, which threat actors can leverage to take control of a device or system.

More IoT components mean a greater attack surface is exposed. The more points connected to the network, the greater the risk. Endpoint Detection and Response (EDR) tools can be employed to monitor endpoints and send alerts for critical security events. It is also important to scan devices before allowing connection to your network in order to prevent the introduction of vulnerabilities. Vulnerability scans on a regular basis help to ensure the health of the network.

It is also important to segregate network infrastructure to allow least exposure to the internet. This can be done by creating a dedicated network for IoT with limited access.

Moving into the new decade we can expect IoT devices to become more and more embedded in many aspects of our lives, both personal and professional. The technology enables a move towards digital transformation with many industries moving into the cloud. From the protection of personal devices to the defense of an entire network, it is critical that IoT security be taken seriously. With more connectivity comes increased risk of exposure. The more we entangle the physical and the digital, the more real the results of an attack or security leak become.