As comfortable as IoT devices are, they also bring an imminent threat: they expand the technological surface that malicious attackers can reach. The question naturally arises: what can we do to secure the IoT?
As 5G networks become more and more common, we can all expect more than just faster browsing and less latency on our mobile devices. This is because the fifth generation of broadband cellular networks will lay the foundation for the Internet of Things (IoT) to increase its opportunity to dominate the world.
In fact, it can be argued that the 2020s will be the decade of IoT, as the number of connected IoT devices is expected to nearly triple during this period (from 8.74 billion in 2020 to over 25.4 billion million IoT devices by 2030). It's an impressive amount of devices that will live around us, powering everything from our household appliances to the cities we live in, ushering in the era of smart urbanization.
Unfortunately, not everything is rosy in this forecast. As comfortable and powerful as IoT devices are, they also pose an imminent threat. Billions of interconnected devices mean there is a larger technological surface that malicious attackers can target. And given that cybersecurity has become a top priority for businesses around the world, the question naturally arises – what can we do to protect this vast network of devices?
The challenge of protection
To truly understand the dangers that come with IoT, we have to go beyond the number of devices available and into its nature. Most IoT devices are relatively simple, as they don't have much processing power or storage capacity. Since they are constantly connected to the Internet, they do not need it, as most of the data is processed and stored on central servers.
Edge computing (often referred to as a huge advantage for this type of network) increases the appeal of IoT devices. Through this paradigm, devices can collect and process data on-site, without sending it to central servers. The idea is to reduce bandwidth consumption and increase responsiveness. However, using edge computing means that all IoT devices using it will have sensitive data that makes breaking into them more attractive to attackers.
What's more – there are so many threats that can affect IoT devices that the risk is extremely high. There are countless examples of ransomware attacks targeting IoT devices, but they are far from the only type of attack these devices can suffer. There's also denial of service, passive wiretapping, SQL injections, and zero-day exploits, just to name a few.
Such a long list of threats is even more worrying when you start thinking about their potential targets. Industrial surfaces increasingly use IoT devices for manufacturing and storage. The energy sector is also investing in IoT. Even entire cities are using IoT devices for traffic control and other purposes. The consequences of an interruption in the activities of these networks go far beyond annoyance – they can be extremely dangerous.
With such a scenario, it is logical that researchers, technology enthusiasts, nearshore software development companies and even political actors are calling for stronger protections for a technology that will become the core of our daily lives.
What can we do
The most important thing we can do right now is understand the dangers and recognize the need for action. On the bright side, there are several players who are already taking steps to develop stronger protections for the IoT (including Congress and its Cybersecurity Improvement Act). The downside is that we need much more than that – we need a coordinated approach to dealing with IoT security, something that today depends mainly on the device manufacturers themselves.
In addition to awareness and potential regulation, we need a strategic approach to protecting such a vast network. In this light, a risk management approach appears to be a good alternative, as it can provide visibility into everything connected to the network, while also providing protocols and solutions to mitigate risks and remediate incidents.
Unfortunately, we will not be able to centralize this effort as different IoT networks will require different solutions. But the widespread use of risk management techniques can provide different actors with a kind of roadmap that can help to homogenize approaches and share protocols and solutions that really work.
Some of the things experts point out that could form such a common knowledge base on IoT security include comprehensive, real-time assessments of all devices on the network with the help of AI, compartmentalization of IoT devices to increase control, using biometrics for access, implementing multi-layered security applications, leveraging cloud SaaS platforms to increase processing power and sharing threat intelligence between different organizations.
A fundamental question
Developing an IoT device involves considering several aspects: designing and manufacturing the hardware, developing the software, securing the cloud backend, creating an updated schedule, and many other things. Unfortunately, IoT companies are not considering all of these aspects and are taking a reactive stance, fixing problems as users report them. Until there is a more comprehensive approach to developing these products and this stance becomes more proactive, the threat level for IoT will remain high.
I think it's important to say that, even with all these potential solutions and protocols, it is impossible to create a fail-safe IoT network. As with everything in the world of technology, there will always be vulnerabilities and malicious actors who will figure out how to exploit them. This should not stop us from fulfilling our core mission as part of the technology community: we must seek the most sophisticated security system possible for the IoT. Living always brings risks and IoT is no exception. Therefore, we must look for an acceptable level before continuing to invest in IoT.
If you liked this, be sure to check out our other IoT articles.
- How IoT can boost renewable energy
- How to Avoid Common IoT Mistakes
- The Impact of the Internet of Things on Web Design and Development
- Internet of Behavior: Understanding the Next Digital Frontier
- How the Internet of Things is revolutionizing healthcare
