What Exactly Is the Internet of Things?
The Internet of Things (IoT) is simply an interconnected array of electronic devices that are linked by the Internet, through which they can transmit and receive data. The original “thing” was a Coca Cola vending machine that was able to report back to HQ how many bottles of soda were left inside, and whether they were ice cold. But, along with the Internet, the world of IoT has come a long way since then. IoT is now a widespread and growing phenomenon that can be classified into two main domains: Consumer and Business:
Consumer IoT: Devices that are part of the smart home such as refrigerators, door locks, light bulbs, surveillance systems, as well as IoT consumer/lifestyle devices such as fitness bands, smartwatches, and drones.
Enterprise/Business IoT: Mainly segmented by its verticals to include devices such as electricity, gas, and water meters used by utility companies, and devices used in connected vehicles, retail, health, shipping, and agriculture.
The proliferation of IoT reached a significant milestone this year when the number of IoT devices exceeded the world’s population.
Growing Security Concerns Surrounding IoT Devices
IoT security issues have been growing in the past few years as it becomes increasingly apparent that IoT devices are, by their very nature, unsafe. In fact, the RFID Journal recently called IoT technology, “A Doomsday Scenario Waiting to Unfold”. This is primarily because these devices tend to be cheap, throwaway items that would not have become so popular so quickly if they were more expensive. One of the things that keeps their cost down is little-to-no investment in making them secure. In 2015, Kaspersky called IoT the “Internet of Crappy Things”, highlighting the fact that of the 20 billion IoT devices projected to exist by 2020, the majority of them would be lo-tech, disposable artefacts. In January of 2015, Wind River Systems of California, in a paper titled “Security in The Internet of Things produced a report that drew attention to a number of IoT security essentials. The report specified the following IoT security observations:
- Establishing IoT security standards should be a cornerstone of IoT device development
- It is unrealistic to compact 25 years of security evolution into novel IoT devices
- There is no silver bullet to mitigate IoT security risks
IoT Security Risks and How to Contain Them
IoT is the Internet “new kid on the block”. And the fact that Internet is hardly a secure environment itself makes IoT devices even less so. And there have been several high-profile events, involving the use of IoT devices as nodes in wider botnet attacks that highlight IoT’s vulnerability. The most infamous attack to date was the Mirai malware that hit networked devices running Linux operating systems in 2016. Mirai targeted online consumer IoT devices such as home routers and Internet-connected cameras. On September 20, 2016, the Mirai malware was used in the largest ever Distributed Denial of Service (DDoS) attack, targeting French cloud computing site OVH and, later in the same year, United States DNS provider Dyn.
With the growing maturity of IoT devices, security will likely become a market differentiator. A company selling Internet cameras that offer lifetime security upgrades is going to accumulate more sales than a rival company that does not.
Further risks associated with both home and enterprise IoT include the following non-exhaustive list:
- Data security concerns
- Personal and public physical safety risk (my car has been hacked)
- Privacy issues (my home camera has been hacked)
- Data storage management following the exponential growth of IoT devices
So, what can be done to secure our increasingly IoT-connected world? There are several steps that IoT OEMs could take to mitigate IoT risk in their products. For example, IoT device manufacturers could make security a primary concern during all phases of device development. They could also provide lifecycle device updates. However, these and similar suggestions are unlikely to occur. The real issue is our old friend—cost. The recommendations noted above are fine and well and would ultimately benefit the user. Fortunately, there are measures that can be taken to improve the security situation of IoT. In its publication of October 2018, “IoT Security Demands a Multi-Layered Approach”, Frost and Sullivan stated that the best way to protect against IoT attack is by having your CSP play a key role “not only connecting your IoT devices but in systematically mitigating the cyber risks those IoT connections create.” Allot is a pioneer in this new category of CSP network-based cybersecurity solutions for the consumer and the IoT markets.
Protecting against IoT attacks in the network itself provides significant benefits to both enterprises and consumers, including:
- Centralized solution that is device/end-point independent
- Mass market activation of IoT security to all devices
- Use of global threat intelligence in real time and the ability to utilize different kinds of databases and technologies
- Protection responsibility being supplied by CSP experts, taking this responsibility away from the consumer
- Blocking the threat before it enters the home or the device
Allot’s suite of cybersecurity products for CSPs include:
- Allot’s NetworkSecure and IoTsecure products that protect consumer and enterprise IoT devices at the core of the CSP Network
- Allot’s HomeSecure product that protects the smart home with software that resides on the CSP Wi-Fi router itself
Tens of millions of IoT and consumer devices are currently protected by Allot’s cybersecurity product suite, Allot Secure.