The Internet of Things will offer organizations tremendous value and will provide consumers with fantastic benefits. However, the Internet of Things also comes with a wide variety of cyber risks that could harm organizations and consumers who work with the IoT.
In order to protect your organization from these cyber risks you should have the right data governance procedures in place to protect the data that is generated by IoT devices. However, which data governance measures you should take depends on the different cyber risks that could affect your IoT business. And there are quite a few cyber risks to take into account:
5 Cyber Risks Affecting the Internet of Things
Denial of Service Attacks
Distributed denial-of-service (DDoS) attacks are, unfortunately, very common. In such an attack, multiple systems flood the bandwidth or resources of a target system, such as a web server. The result is that the web server goes down under the unexpected, massive amount of traffic it suddenly has to deal with.
Since the Internet of Things involves a network of sensors, devices and wearables connected with each other through the Internet, a DDoS attack could seriously harm your organization. There are several ways a DDoS attack could affect an IoT system, including:
Electromagnetic jamming to prevent RFID tags from communicating with a reader and as such prevent the exchange of information required for the IoT system to function;
A Network Layer DDoS where a DDoS attack is carried out on a wired or wireless network. Such an attack is achieved by sending large amounts of traffic to a network, which cannot respond fast enough to ease the amount of traffic. As a result the entire network will go down.
An application layer DDoS attack, where the hacker gets access to the source code of an application and creates an infinite loop so that the network resources become inaccessible.
Malicious Modification refers to the hardware or software of an IoT device being altered with the objective to create harm. Malicious modification can happen between the time it is produced by a developer and the time it is installed and used. It can also happen when a hacker gains access to the source code and alters the code to create harm. Of course, when the actual usage of an IoT device changes due to such a hack, it could dramatically impact an IoT system.
Phishing is a well-known technique used by criminals to get your username and password for a certain service and do harm with that information. Phishing is best known from criminals trying to get banking details and steal money from your bank account.
Phishing, however, can also be used in relation to the Internet of Things. In fact, this is already happening: two years ago, a global hacking campaign was able to target and manipulate over 100,000 consumer gadgets, including devices such as routers and smart appliances, into sending over 750,000 malicious emails.
How is this possible? Well, a lot of smart devices make use of well-known systems such as SSH or SMTP (which is used for sending email), and by obtaining usernames and passwords through phishing the attackers were able to send malicious emails through the connected devices. The worst thing about it is that it probably does not affect the usage of the device and can therefore remain unnoticed for a long time.
Counterfeiting is all about creating fake replicas of a product in order to take advantage of the imitated product. As a result, hackers could create fake connected devices that imitate an original product but at the same time steal all kinds of data from the end-user. Or an IoT device that eavesdrops on conversations that are held close by the device, and sends this information to a group of criminals who can take advantage of what they hear.
With so many connected devices in our homes in the future, we better make sure that they do exactly as they say they do.
Buffer overflows are a favorite exploit for hackers and can seriously affect your IoT system. A buffer overflow is an anomaly that occurs when data overruns a buffer’s boundary and overwrites other memory locations. As a result, important data stored in that memory will be overwritten or become corrupted.
During buffer overflow attacks, the extra data may contain code designed by criminals to trigger certain actions such as attacking a computer, network or device or disclose confidential information. Therefore, when a connected device contains a programming flaw that can be exploited by hackers, it becomes quite easy to take over control of the connected device using a buffer overflow attack.
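The overrun described above, as an added example that is not part of the original article: a Python model of a device's memory in which a message handler trusts the sender's length byte, shown beside a hardened handler. Python itself is bounds-checked, so the memory is modelled as a bytearray; the layout, sizes and function names are assumptions made for illustration.

```python
# Added illustration: a model of device memory, not firmware from the article.
BUF_SIZE = 16            # assumed size of the device's receive buffer
SETTINGS_OFFSET = 16     # assumed: a settings byte stored directly after the buffer
MEMORY_SIZE = 32         # size of the modelled memory region


def new_memory() -> bytearray:
    """Zeroed memory with the settings byte set to 0x01 (constructed value)."""
    memory = bytearray(MEMORY_SIZE)
    memory[SETTINGS_OFFSET] = 0x01
    return memory


def receive_unchecked(memory: bytearray, message: bytes) -> None:
    """Flawed handler: trusts the length byte the sender put in the message."""
    declared_len = message[0]
    for i in range(declared_len):
        memory[i] = message[1 + i]      # no comparison against BUF_SIZE


def receive_checked(memory: bytearray, message: bytes) -> bool:
    """Hardened handler: validate the length before touching memory."""
    if not message:
        return False
    declared_len = message[0]
    payload = message[1:]
    if declared_len > BUF_SIZE or declared_len != len(payload):
        return False                    # reject oversized or inconsistent input
    memory[:declared_len] = payload
    return True


def demo() -> tuple[int, int, bool]:
    """Settings byte after each handler sees the same oversized message."""
    # Constructed input: 17 bytes aimed at a 16-byte buffer.
    oversized = bytes([17]) + b"A" * 16 + b"\xff"
    flawed, hardened = new_memory(), new_memory()
    receive_unchecked(flawed, oversized)
    accepted = receive_checked(hardened, oversized)
    return flawed[SETTINGS_OFFSET], hardened[SETTINGS_OFFSET], accepted
```

With the flawed handler the seventeenth byte lands on the neighbouring settings byte; the hardened handler rejects the message and leaves memory untouched.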
Managing the 5 Cyber Risks of the Internet of Things
It may be clear by now that the Internet of Things is vulnerable to a variety of attacks. These attacks could significantly affect IoT systems but, even worse, could result in injuries or even casualties if the criminals intend to do serious harm, especially given that a single security issue on one connected device can easily turn into multiple security issues on other interconnected devices.
Therefore, let’s have a look at how we can manage these five cyber risks that affect the Internet of Things. Ensuring the security of connected devices actually boils down to three important measures to be taken by organizations and end-users:
Only Allow Verified Products to Connect to Your Platform
Counterfeiting is a serious problem, so any organization that has created an IoT platform should consider due diligence for any provider that wants to connect to that platform. You should only allow verified products to connect to it to ensure that no malicious hardware can affect your IoT system.
Encrypt Your Data on Devices and Ensure Optimal Digital Security
This is of course a no-brainer nowadays, but unfortunately it still happens too often that data is not encrypted correctly and that no, or not enough, digital security measures are in place. Whenever you release a new connected device to the market, ensure it is thoroughly tested and completely secure. Whenever bugs are found, ensure that they are fixed as soon as possible.
Enforce Employees and Users to Use Strong Security Credentials
Weak passwords are still too often the main cause of a data breach. Organizations that have developed connected devices should require users and employees to use only unique and strong passwords. In addition, they should enforce multi-factor authentication whenever possible to ensure that in case of phishing, a criminal still cannot access the account or device.
Monitor Device Usage to Detect Strange Behavior
Using security and monitoring analytics, organizations should be able to detect any data breach or hack in real time on end-users’ devices. When a connected device is hacked and used for sending spam or used in DDoS attacks, the end-user might not notice anything at first, but the manufacturer should be able to see that something strange is going on. Therefore, manufacturers of IoT devices should use advanced security and monitoring analytics on their connected devices to understand if a hack has taken place.
In addition, when Personally Identifiable Information is stored locally on the connected device, organizations should include a remote wipe solution; in case of a data breach you can remotely wipe the data from the connected device.
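One way a manufacturer could spot a device that has started relaying spam or taking part in a flood, as described in this section (an added example, not from the original article): compare each device's hourly outbound connections with the ports its model normally uses and with the median volume of its peers. The telemetry format, the per-model port profile and the threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample telemetry (not real data): hourly connection counts.
SAMPLE = """device_id,model,dst_port,connections
cam-001,camera,443,12
cam-002,camera,443,10
cam-003,camera,443,11
cam-003,camera,25,940
th-001,thermostat,8883,6
th-002,thermostat,8883,7
th-003,thermostat,8883,410
"""

# Assumed per-model profile: ports the vendor's firmware legitimately uses.
EXPECTED_PORTS = {"camera": {443}, "thermostat": {8883}}
VOLUME_FACTOR = 10   # assumed threshold: 10x the model's median hourly volume


def find_anomalies(telemetry_csv: str) -> dict[str, list[str]]:
    """Return {device_id: [reasons]} for devices behaving unlike their model."""
    totals = defaultdict(int)      # device -> total connections this hour
    model_of = {}                  # device -> model name
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(telemetry_csv)):
        dev, model = row["device_id"], row["model"]
        port, count = int(row["dst_port"]), int(row["connections"])
        model_of[dev] = model
        totals[dev] += count
        # Check 1: traffic to a port outside the model's profile (e.g. SMTP on 25).
        if port not in EXPECTED_PORTS.get(model, set()):
            findings[dev].append(f"unexpected port {port} ({count} connections)")
    # Check 2: volume far above peers; the median resists a few compromised devices.
    by_model = defaultdict(list)
    for dev, total in totals.items():
        by_model[model_of[dev]].append(total)
    for dev, total in totals.items():
        baseline = median(by_model[model_of[dev]])
        if total > VOLUME_FACTOR * baseline:
            findings[dev].append(f"volume {total} vs model median {baseline}")
    return dict(findings)
```

The thermostat in the sample is flagged on volume alone: it talks only to its expected port, which is why a port allowlist by itself would miss it.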
Enforce the Right Employee Behavior Policies
Most data breaches are due to human behavior and human errors. Employees should be urged to take the right measures to avoid such errors. Companies should create strict policies related to data governance, data security and data sharing to avoid any unnecessary data breach.
Securing the Internet of Things
The Internet of Things is still in its infancy. At this moment ‘only’ around 5-10 billion devices are connected to the Internet. However, this is changing rapidly and it is estimated that by 2020 there will be 25 – 100 billion connected devices. That is a lot of devices that need to be secure to avoid damage in terms of money, brand image or even injuries and casualties.
Any organization working within the Internet of Things ecosystem should therefore take its security very seriously, and these 4 measures can help to manage important cyber risks with the Internet of Things.