The global Internet of Things (IoT) market has experienced a significant growth spurt within the last few years. Over 8.4 billion devices are currently in use and this figure is expected to rise to 25 billion by 2020.
The Internet of Things refers to all the physical devices around the world that are now connected to the internet, collecting and sharing data.
IoT devices can include anything from microwaves, baby monitors and smart speakers to large scale manufacturing operations. Many global industries are now adopting IoT technology as a means of improving efficiencies and increasing profits.
However, as the use of IoT devices has increased, so has the associated security risks. The problem with IoT devices is they have very little security, and many lack the ability to be updated which provides cybercriminals with easy access points to exploit.
Hackers will attempt to compromise IoT devices with weak authentication, unpatched firmware or other software vulnerabilities. If these tactics don’t work, they will apply brute force attack using default usernames and passwords.
By 2020, it’s estimated that 25% of all cyber attacks will target IoT devices, and with more industries adopting IoT technologies, we can expect to see a continued rise in these attacks unless manufacturers prioritise the security features of these devices.
Unsecured IoT devices provide an easy way for cybercriminals to infiltrate a network. The infamous Mirai Botnet attack of 2016, demonstrates just how easily these everyday devices can be weaponised by attackers.
The attack remains one of the biggest distributed denial of service (DDoS) attacks in history. Using a malware called Mirai, hackers created a massive botnet of 100,000 IoT devices. The devices included radios, smart TVs, printers and they were all programmed to send requests to Dyn and overwhelm it with traffic.
The attack was hugely disruptive and brought down the websites of over 80 of its customers including Amazon, Netflix, Airbnb, Spotify, Twitter, PayPal, and Reddit. Damage from the attack is reputed to have cost $110 million and despite being contained within one day, over 14,500 domains dropped Dyn’s services in the immediate aftermath of the attack.
However, the compromise of IoT devices is not just limited to DDoS attacks. Hackers are increasingly targeting consumers directly in order to steal their personal data. These devices can stream huge amounts of sensitive data which can help criminals build a detailed picture of their victim. The information can then be used in the careful crafting of a social engineering attack or the criminals can use the data to commit identity fraud.
The rapid growth of the IoT market has meant that many manufacturers have been focusing more on profits rather than the security of the devices themselves. Cybercriminals have been quick to capitalise on this lapse in security by exploiting vulnerabilities in the devices and using them in coordinated cyber attacks.
This increase in attacks has prompted several governments to take the issue more seriously. California is the first US state to introduce a Cyber Security law regulating IoT devices. The legislation will come into effect on the 1st January 2020 and requires security measures for any device that can connect to the internet and that has an IP or Bluetooth address.
The UK government has also laid out guidelines to make IoT devices safer. The guidelines include secure storage of personal data, regular updates, data encryption, and the use of unique passwords.
The bottom line is that manufacturers need to prioritise security to ensure that the appropriate measures are built into IoT technology from the moment it’s developed. This will help improve consumer trust and reduce the chance of devices being compromised by attackers.
Consumers can also help improve the security of their devices by taking the following steps:
MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Get in touch for further information on how we can help improve security within your organisation.