Blog

Why IoT Security is Important for Today’s Networks?

By |

Internet of Things is the acronym for IoT. With each ticking second, our lives are becoming more intertwined with digital gadgets and spaces. The Metaverse revolution set to unfold soon only deepens our digital interactions. Given the non-standard manufacturing of IoT devices and troves of data flowing through the IoT devices, we are constantly exposed to cyber-attacks. Vulnerabilities, cyber-attacks, data theft, and other risks arising from the usage of IoT devices make the need for IoT security solutions even more.

Why do we need IoT Security Solutions in today’s networks?

Lack of physical boundaries, improperly configured systems, non-standard gadget manufacturers, poor QC & QA (Quality Assurance and Quality Control) make a strong case when talking about IoT Security Solutions.

The need for IoT security solutions is supported by two primary cases:

  • Securing the functionality and digital perimeter of a network
  • Data privacy

IoT Devices – Network – Data in Numbers:

DivisionValue
Estimated IoT connections (by 2024)83 Billion
Active IoT Devices as of 202110 Billion
IoT Devices Market by 2026$1.3 Trillion
IoT Medical Devices by 2025$62 Billion
Data generated by IoT devices by 202573.1 Zettabyte
IoT Device connections per minute by 2025150,000+
Global IoT Healthcare Market reach$14 Billion
Estimated IoT Spending 2019 – 2025$15 Trillion
Market size of IoT in retail by 2025$94.5 Billion
Estimated Cellular IoT Connections by 20233.5 Billion
The worth of IoT enabled Smart Factories in the US by mid-2022$500 Billion
IoT devices used in clinics, medical offices, and hospitals in 2020 (according to Forbes)646 million
Annual spending on IoT Security Solutions in 2021 (according to Forbes)$631 million

Common Threat for IoT devices:

The foremost challenge for IoT devices is the wide range of threat vectors that they are often subjected to. While few are due to manufacturers and firmware developers, others can be due to targeted cyber-attacks and system exploitation. No wonder, as many as 2 in every 3 households in the United States complained about cyber encroachment in the past couple of years. Most of them don’t have IoT security solutions in place to protect their data. 

How hackers enter networks:

Outdated Operating Systems

IoT devices running outdated/unsupported OS are easily exploited. Hackers can bring down an entire network by accessing a single vulnerable system on the network. The 2017 WannaCry Ransomware targeted 300,000 machines running on Windows. It successfully breached those systems which had no security updates.

Poor Testing & Encryption

Poor QC and QA lead to poor testing and encryption. Adding the lack of IoT security solutions to the network with such devices means exposing the network to attacks. With the increased availability of high technology, eavesdropping has become a profession. Israeli researchers managed to eavesdrop using a light bulb!

Exposed Service Ports (Telnet and SSH)

A report on ZDNet in 2020 revealed that credentials of over 500,000 IoT devices, home routers, and servers were published by a hacker, after the Telnet ports we left open. Similarly, in 2017, Rapid7’s National Exposure Index claimed that over 10 million IoT and other devices have their Telnet ports open. The development teams should close the Telnet ports post-product deployment.

DDoS (Distributed denial-of-service) Attack

Botnets are used to send enormous traffic to the server/device causing it to stop functioning. In 2016 internet service provider Dyn became the victim of a large DDoS attack. This led to a severe outage.

Entry through HVAC and other Systems

Entry through HVAC and other remotely controlled systems is the biggest threat IoT networks face. Usually, vendors are given remote access for the installation of systems and firmware. The endpoints of the vendor systems are often unprotected by a strong firewall and IoT security solutions. Hackers see this as an entry to gain access to the entire IoT network.

Also Read: Rising threats on Critical Infrastructure amidst the Ukraine crisis

3 Most Vulnerable IoT Networks for Hackers!

Each IoT network comes with its band of IoT security solutions deployed at various levels and failure points. The Medical, Consumer, and Commercial IoT networks are often the most affected.

In a Consumer IoT network, the failure points are one too many. Devices operating on ancient operating systems and default passwords are the most vulnerable points.

In Commercial IoT networks, remote access vendors of unmanaged IoT devices are often the primary cause. Affordability (in the case of Consumer IoT devices), and insufficient security testing are often the primary reasons for threats arising in Consumer IoT and Commercial IoT networks. Unsupported/outdated operating systems and devices from diverse vendors running various operating systems are the challenges faced by the Minerals and Mining industry.

Despite various IoT security solutions that enterprises and consumers deploy, hackers still manage to break into networks through IoT devices and cause cascading effects. Without real-time management and dependable security solutions, these networks are often the softest targets for any hacker, hands down.

Even critical infrastructure is currently nowhere equipped to deal with a swarm of intense cyber-attacks.  

Insiders make the case for IoT Security Solutions compelling!

Many industries face the threat of snooping by their employees. There are verified reports of insiders planning to inject ransomware into systems, giving autonomous control and access to critical data to hackers. If not for the change of mind of the employee, Tesla would have been the victim of a bribed ‘malware attack’ on its system in 2019.

Enterprises must step up in how they would limit the access to critical and sensitive information only to a very few, without affecting the Knowledge Transfer and other production aspects. This opens up a whole new dimension – the need to protect data even when internal systems are compromised. This is where IoT security solutions come into play and are often the salvation for many enterprises.

Take a look at the state of OT and IoT cybersecurity in North America to understand how the kind of challenges OT and IoT infrastructure is currently facing.

The big question: Are IoT Devices safe?

Picture2 - sectrio
IoT Security research by Juniper Research

The answer is a YES. Most cyber-attacks are a result of clicking a malicious link, installation of malware (often bundled with freeware), and other mistakes from the user end. Computers have little to no interest in troubling themselves. You remove the user from the entire network, it’s almost impossible for a hacker to enter the network. While IoT security solutions do provide the luxury of comprehensive security, adopting security by design along with them is the best choice.

How do we deal with data privacy?

The increased access to advanced tech threatens every node of the digital world. Enterprises pay a hefty price when there is a data breach with regulators questioning their security infrastructure. This makes privacy the deciding factor when it comes to opting for security. While it is practically impossible to track everyone involved in the production chain of an IoT device, it should not be that difficult to choose the right IoT security solutions provider.

Too late before it is detected

IBM’s ‘Cost of Data Breach’ report stated that it takes an average of 287 days, that’s over 9 months before they detect a cyber-attack. By the time the breach is detected, hackers usually get access to key information, perform privilege escalation, and even export sensitive data.

You will be surprised to know only 2% of the traffic flowing through IoT devices is encrypted, and the rest 98%? Enterprises cannot leave something in the hands of the unknown and run operations. Protecting the IoT devices alone is not sufficient. Even protecting sensitive data when the systems are compromised is the way to move ahead in the current scenario.

Also Read: Approaching IoT security with diligence to improve value RoI

Detection does not mean Protection

Most security systems raise anywhere from 5000 to 10,000 alerts daily. This is way too much for someone to keep an eye on and go through each alert. This is what makes the job easier for hackers. According to Eyal Arazi, production manager in a security firm, ‘modern security systems probably detect too much’ – tells you the situation on the ground.

The biggest flaw in most IoT Security Solutions is the lack of ‘Context and Correlation’ of the alerts raised. Enterprises should enquire the provider about the capabilities of the security suite in correlating individual events and drawing a logical sequence out of them automatically.

Also Read: 2022 IoT and OT threat landscape assessment report 

Key Takeaways:

  • IoT device threats are real and demand immediate attention
  • Vulnerabilities and threats keep mutating, and so should IoT security solutions too.
  • Enterprises should be aware of the security measures opted by vendors.
  • Scheduling constant monitoring tracking of IoT devices, IDS, and IPS is vital
  • Separate networks for Corporate and IoT Device management
  • Access to a third party vendor only after a diligent security protocol
  • Introducing cryptographic hash keys for vendors to sign onto the network

The hyper-adoption of IoT devices is increasing the attack area manifold times, leaving security at the mercy of the hackers. Enterprises should jump in and adopt robust IoT security solutions to protect, prevent, and deter cyber threats. As highlighted, the severity is even more in the manufacturing, minerals, and mining industries, given the diversity in vendors, who supply critical equipment running on different operating systems.

Feeling vulnerable? Unsure about your enterprise’s security? Got some doubts? Our Security experts are available to look after all your IoT security solutions needs. To get a comprehensive detailed risk assessment of your enterprise’s security, do reach out to us. Click here to request a demo.

Share:
Sharath acharya, Technical Presales Director, Evangelist for Sectrio & is also a Certified Cyber Crime Intervention Officer with NSD. Sharath has been actively involved in devising critical infrastructure protection strategies that rely on in-depth threat research, Deception, and deflection strategies to deceive hackers and malware. Having been at the front-lines of cyber securing infrastructure, Sharath has seen cyber attacks and defense tactics at close quarters.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio