• The Internet of Things is expected to grow to 8.4 billion devices in 2017, with predictions of more than 20 billion devices by 2020. While this market is growing rapidly, it faces a major barrier on the way to its success. Connected devices are vulnerable, as seen in the DDoS attack on October 21st, 2016, which took down the DNS provider Dyn.

    Large websites such as Etsy, Twitter, PayPal, Verizon, Comcast and Reddit were among the many that were virtually unusable during this attack. The hackers turned to unsecured IoT devices to create an extensive botnet. This allowed them to push enough traffic to take down Dyn. It was the largest attack caused by IoT security issues, but it certainly was not the first. The IoT market needs to find a way to properly secure these devices. Otherwise, more high-profile attacks completely negate the benefits of having connected technology in your organisation. It is time to bring in security analytics.

    The Consequences of Unsecured Connected Devices

    IoT devices add countless potential attack surfaces to an organisation. Even if you have an official policy, people will bring in their own technology. They will connect to your network and have the potential of giving attackers a direct entry point to your infrastructure.

    While several unified platforms are emerging that cover IoT security standards, such as MIDAS, Unify IoT and Universal Internet of Things Platform, you could be dealing with dozens of devices whose suppliers don’t have the same protection in place. Outdated firmware and software could also make it easy to exploit IoT technology and use it as an attack surface. The sheer variety of form factors, operating systems, feature sets and vendors introduces complications that your current IT security resources may be unable to cover.

    IoT requires a complete reevaluation of your IT security strategy and the personnel’s mindset. Staff needs to understand that every connected device represents a vulnerability point. Downtime due to data breaches can lead to substantial financial losses depending on the systems affected.

    Vulnerable IoT Devices

    Vulnerable IoT devices can also have their functionality compromised, which could lead to potentially life-threatening situations. Consider smart devices used in manufacturing applications. If an IoT safety sensor got compromised, it could result in employees ending up in unsafe situations that could cause injuries or death. Another example comes from the medical field. The industry is adopting a wide range of speciality IoT devices to improve patient care. If a monitoring device reported the wrong sugar levels on a diabetic patient, they could end up in a coma.

    Something as simple as a compromised thermostat could have long-term consequences for a company. If the heating or cooling runs at inefficient levels, the overhead costs could slowly start to eat into your budget. Maliciously controlled data centres could lose their ability to regulate heat and lead to hardware failure.

    Self-driving cars are another example of a connected system that can be compromised. Hackers could disrupt the vehicle’s GPS, making it difficult to track the location of your fleet, control systems such as the radio, or potentially cut out critical systems that are necessary for operation.

    This problem is only going to get worse as IoT continues its rapid expansion over the next few years. Many organisations are not prepared to deal with the security issues that connected devices bring to the table. You can put yourself in a good position to account for these concerns through security analytics.

    The Role of Security Analytics in IoT Security

    Security analytics can help you handle the complex IoT landscape, especially for devices that don’t have strong security features on their own. You will not be able to control all IoT devices coming into your organisation. After all, staff will bring many (unauthorized) personal technology to work and connect to the network. With security analytics, you can gain the data and insights required to protect your IT resources. A few vendors operating in this area include NetSentries and Argyle Data.

    Security analytics can identify the red flags that often precede a breach or attack. You can find devices that are communicating with unauthorized systems or networks. Once detected, you can lock them down before hackers can use that device to get into your infrastructure.

    IT security specialists can use security analytics solutions to look beyond perimeter-based protection. They can determine whether they need to take action based on the network traffic they analyse. It will offer the possibility to derail zero-day attacks before it cripples your organisation or causes a costly data breach.

    Machine learning is vital in this process to prevent your security staff from becoming overwhelmed by the sheer volume of information. As your organisation fends off attacks related to your IoT devices and discover more markers for potential vulnerabilities, the security analytics solution can use this data to handle lower priority issues. Your IT security analysts can focus their attention on complex exploits and other concerns that require their hands-on touch.

    The IoT market cannot succeed if security exploits hinder device performance. IoT devices can transform current business processes and models. However, they need the support of a robust security analytics solution to protect the organisation from countless threats. It will give you the opportunity to harness the power of IoT without facing an unreasonable level of risk.

    Image: Elenabsl/Shutterstock

    Get in touch

    Dr Mark van Rijmenam

    Dr Mark van Rijmenam is Founder of Datafloq. He is a highly sought-after international public speaker, a Big Data and Blockchain strategist and author of the best-selling book Think Bigger - Developing a Successful Big Data Strategy for Your Business. He is the co-author of the book Blockchain: Transforming Your Business and Our World, which details how blockchain can be used for social good. His third book, The Organisation of Tomorrow, discusses how AI, blockchain and analytics turn your business into a data organisation. He is named a global top 10 Big Data influencer and one of the most influential Blockchain people. He holds PhD in management from the University of Technology Sydney on how organizations should deal with Big Data, Blockchain and (Responsible) AI and he is a faculty member of the Blockchain Research Institute in Canada. He is a strategic advisor to several blockchain startups and publisher of the ‘f(x) = ex‘ newsletter read by thousands of executives.
    Get in touch