/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsInternet of Things (IoT) is the proverbial next big thing of this decade although it has been in development for some time now. While IoT creates immense opportunity for businesses to bring out new services and products that will greatly improve consumer conveniences, the proliferation of this phenomenon will also greatly increase the security threat that businesses already face.
The Nasty Challenges of IoT
The most recent and well-known example of how things can go awry with IoT was the news of the spamming refrigerator which sent 25 per cent of over 7,50,000 malicious emails between 23rd December 2013 and January 6, 2014. The fridge that was a part of a Botnet of 1,00,000 Internet-connected devices, was involved in what is believed to be the first Internet of Things cyber-attack. While this attack did not involve sensitive enterprise data, it revealed to us much about the security concern that IoT devices throw up.
Since the foundational element of this technology is the internet, IoT is plagued with the same unprecedented threats and risks that many other waves of innovation backed by the net have suffered from. While it is optimism that drives all technological developments, it is also imperative to ask the question "What could possibly go wrong?"
Speaking of what can go wrong, the foremost answer is that IoT will open up a lot of insecure and vulnerable end points. Most forecasts in this domain predict that soon enough a lot of IP-enabled devices will find their way into the four walls of large organisations. A vast majority of these will not be insulated from common online attacks and will not be enabled with anti-spam, anti-virus and anti-malware infrastructures of the enterprise.
The problem here, unlike threats that arise from SoCloMo, is that no matter what network segmentation techniques and air gaps an organisation adopts, there will always be spots where the IoT will intersect with the enterprise network. These touch points will make the entire network exposed to threats. Since everything will be inter-connected, if one hacks into a web-enabled device that also has connectivity to the corporate IT infrastructure, one basically has access to all the sensitive data of that enterprise stored on the premise or in the cloud.
The other issue that IoT creates is that the embedded devices will all be heterogeneous. The communication protocols of all of them will vary. For existing IT management and IT security, there will be difficulties in managing the embedded computing in these devices as these greatly differ from the layered operating systems in PCs and applications that they are used to handling.
IoT: A Psychological Disaster?
A unique threat in the technological space that IP-enabled devices show is that of physiological damage. With IoT, it will be possible to compromise web-enabled photocopiers, printers and scanners and virtually every other device with an IP address to cause physical damage if that is the intention.
As IoT becomes a reality, businesses will have to adopt a strategy that will have to start with the assumption that attackers are already in the network. Security teams of companies will have to be at the top of their game and stay abreast of the best security practices to secure the emerging devices and be prepared to update risk matrices and security policies. Threat modelling will become of paramount importance to ensure basic security and confidentiality in an increasingly inter-connected digital world.