Contact Us
SaaS Log InXRay Login
IoT - Internet of Things

Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things

Nastel Technologies®
February 13, 2021

The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internetThis incorporates physical objects communicating with each other including machine to machine, and machine to people. It encompasses everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital world.

By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average and that also amounts to trillions of sensors connecting and interacting on these devices. State of the IoT 2020: 12 billion IoT connections (iot-analytics.com).  According to The McKinsey Global Institute, 127 new devices connect to the internet every second.

That is a whole lot of IoT devices and protecting such an enormous attack surface is no easy task, especially when there are so many varying types and security standards on the devices. The prevailing perspective from a security operations perspective on those billions of IoT devices  is that anything connected can be hacked.

The IoT Connectivity Threat

Each IoT device represents an attack surface that can be an avenue into your data for hackers. A Comcast report found that the average households is hit with 104 threats every month. The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found. Cybersecurity report: Average household hit with 104 threats each month – TechRepublic  

And unlike laptops and smartphones, most IoT devices possess fewer processing and storage capabilities. This makes it difficult to employ anti-virus, firewalls and other security applications that could help protect them. At the same time, edge computing intelligently aggregates local data, making it a concentrated target for sophisticated threat actors.  Ransomware can also target applications and data in addition to IoT device hardware. In the third quarter of 2020, Check Point Research reported a 50% increase in the daily average number of ransomware attacks compared with the first half of the year. IoT Security Trends, 2021: COVID-19 Casts Long Shadow (itprotoday.com)

As there is a growing rate of IoT attacks, especially when trends of remote work and remote offices are factored. It is important to know and understand the threat landscape. The U.S. General Accounting Office GAO identified the following type of attacks as primary threats to IoT:

  • Denial of Service
  • Malware
  • Passive Wiretapping
  • Structured query language injection (SQLi controls a web application’s database server)
  • Wardriving (search for Wi-Fi networks by a person in a moving vehicle)
  • Zero-day exploits

Also, some of the threat actors using GAO mentioned attack methods are becoming more sophisticated as vulnerabilities and kits are shared on the Dark Web and Web forums. These threat actors not only include hacktivists, but criminal enterprises and nation states. In addition to know the types of threat vectors and attackers, it also is important to explore areas with special implications to IoT cybersecurity:

Supply Chain Vulnerabilities and Endpoints:

The Internet of Things (IoT) exacerbates supply chain vulnerabilities. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices. The increased integration of endpoints combined with a rapidly growing and poorly controlled attack surface poses a significant threat to the internet of things. By using the IoT endpoints, hackers can bombard websites with large amounts of traffic requests, which causes the sites to crash. According to a study conducted in April of 2017 by The Altman Vilandrie & Company, nearly half of U.S. firms using the Internet of Things have experienced cybersecurity breaches. It is likely that many more firms were victims and did not report breaches. Nearly Half of U.S. Firms Using IoT Hit by Security Breaches – ABFJournal

With 44 billion IoT endpoints today (and that number is expected to triple by 2025), hackers have many attack options and entries for inserting malware and can also employ DDoS (distributed denial of service) attacks to devastating effects. IoT endpoints 2020: the industries and use cases driving growth (i-scoop.eu)

In fact, 2017, a variant of a ransomware called “WannaCry”, the ransomware spread swiftly in May reaching over 100 countries and thousands of IoT devices. WannaCry disrupted governments, and many organizational and company networks that had connectivity to IoT.

Another security challenge posed is the interaction between OT and IT operating systems, particularly to critical infrastructure. Adversaries have gained a deeper knowledge of control systems and how they can be attacked and can employ weaponized malware and the connectivity driven by the adoption of industrial internet of things and operational technology has further expanded the attack surface and that energy infrastructure operators should implement “security by design” to counter cyber threats. GovCon Expert Chuck Brooks: Security by Design Needed to Safeguard Energy Infrastructure from Cyber Attacks (govconwire.com)

Every form of cybersecurity attack method can apply to the IoT ecosystem, including It and OT. In the future, IoT connected by 5G will increase connectivity, speed, performance, capacity, and will necessitate the need for even stronger security for all IoT endpoints.

The Cybersecurity Improvement Act:

Good news is that policy makers are finally recognizing the imperative to protect IoT. Recently the Cybersecurity Improvement Act was passed in Congress: “The Cybersecurity Improvement Act and other guidelines for cybersecurity, device identity and encryption provide an additional compliance layer that forces OEMs in other industries like medical devices, automotive and critical infrastructure, to design secure products to support vulnerability reduction during operation. The Cybersecurity Improvement Act offers guidelines specific to the use of IoT and the management of security vulnerabilities.

IoT Cybersecurity Readiness: Potential Solutions and Services

A risk management approach is fundamental to anything involving security, whether it be physical or digital. The IoT combines both those elements. A significant part of cyber-securing IoT involves understanding what is connected in the IoT landscape, knowing how to best protect the most important assets and effectively mitigating and remediating a security incidents and breaches. Based upon a risk management architecture, there are a variety of solutions, services, and protocols to evaluate when a business or organization to consider as no one size fits all. Below is an example list for the C-Suite, CISOs, CTOS and CIOs to heuristically use to help meet their IoT security challenges:

  • Use an established IoT Cybersecurity framework that draws on industry experience and best practices, such as those provided by NIST
  • Do a vulnerability assessment of all devices connected to your network (on Premises and remote)
  • Create an IoT/Cybersecurity incident response plan
  • Compartmentalize IoT devices to minimize attack surfaces
  • Add security software, containers, and devices to “digitally fence” network and devices
  • Monitor and share threat intelligence
  • Scan all software for vulnerabilities in networks and applications
  • Update and patch vulnerabilities to both networks and devices
  • Do not integrate devices into your network with default passwords and other known vulnerabilities
  • Establish privileged access for device controls and applications
  • Use strong authentication and perhaps biometrics for access control
  • Use machine authentication when connecting to a network
  • Encrypt IoT communications, especially for data in transit
  • Use strong firewalls
  • Use secure routers and WIFI
  • Use multi-layered cybersecurity protections, including antivirus software
  • Back up all data
  • Consider Managed Security and outside subject matter experts
  • Consider Cloud security as a service
  • Integrate emerging technologies for protections including machine learning/artificial intelligence
  • Continually audit and use real time analytics (including predictive analytics)
  • Implement security awareness training for all employees
  • Be Vigilant

This article originally appeared on forbes.com To read the full article and see the images, click here.

Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:

  • Advanced predictive anomaly detection, Bayesian Classification, and other machine learning algorithms
  • Raw information handling and analytics speed
  • End-to-end business transaction tracking that spans technologies, tiers, and organizations
  • Intuitive, easy-to-use data visualizations and dashboards

Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.

 

The Nastel i2M Platform provides:

Comments

Write a comment
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment * This field is required!
First name * This field is required!
Email * Please, enter valid email address!

Schedule your Meeting

 


Schedule your Meeting


Subscribe

Schedule a Meeting to Learn More