In the world of business, oil companies can now maximize production and efficiency at individual wells using networked sensors that make automatic micro-adjustments to pump stroke rates. Food retailers and restaurants fit their trash containers with connected weight sensors designed to reduce the financial, social and environmental impact of the waste they produce.
These devices represent the Internet of Things (IoT), and it’s bigger than just our laptops, desktops and mobiles. Security equipment, cars, electronic appliances, lights in commercial environments, security cameras, speaker systems and vending machines are now just as much a part of the IoT.
The ability of these devices to send and receive data and to talk to each other will make running our lives and companies easier in many ways we can’t quite conceive of yet.
The IoT is going to grow quickly in the coming decade. The era of connected devices will create significant business opportunities as the IoT network grows in size and capabilities. But the IoT also presents a major threat to businesses in the form of cyberattacks.
Why are IoT devices vulnerable to cyberattacks?
IoT devices are of interest to cyberattackers for four main reasons:
- Most of them use wireless connections, which are vulnerable by nature.
- Also because of the wireless connection, an attack in progress often goes unnoticed.
- IoT security tends to be a blind spot for both consumers and companies. Fewer than half of the corporations surveyed by digital security expert Gemalto are even able to detect an IoT breach, and NordVPN found that 25% of consumers took no action to protect their IoT devices from attack.
- Some manufacturers take shortcuts on the security protocols they’re supposed to install in their products. This means the devices leave the factory with flaws that cyberattackers can exploit straightaway.
Of all wireless connection options, cellular networks offer the greatest protection because of the digital encryption inherent in their technical infrastructure, but even that’s not impervious.
Most Wi-Fi connections are not secure either. In 2017, Mathy Vanhoef, a computer science professor at Belgium’s KU Leuven, “broke” the WPA2 protocol used by most Wi-Fi systems. In doing so, he discovered that all Wi-Fi connections using the WPA2 protocol are vulnerable to compromise.
Bluetooth, despite being a mature technology, has 16 different security vulnerabilities. RFID, used in logistics and retail, has many of its own issues too. Experts in the IT community have expressed their worries about the security of current Zigbee-powered products.
LPWANs (low-power wide-area networks), almost exclusively used by businesses, transmit data from IoT devices like sensors back to base using wireless, low-bitrate, long-range communications. However, they’re also vulnerable because they use a simpler encryption method to save power. As we cover later in this article, though, all of these flaws can be addressed.
What do cyberattackers gain by hacking IoT devices?
IoT devices connect to domestic and corporate computer systems. Heating systems, smart fridges, smart thermostats and other smart devices connect to the same corporate networks as customer databases and point-of-sale systems.
But why would a cybercriminal attack a connected fridge? It’s not because they want to control your fridge. They want access to your corporate network, and your fridge will often be less protected than, say, your Wi-Fi router. Once they have access to your corporate network, they’ll try to take control of it.
When they’ve gained control, they can install ransomware to blackmail your company or run cryptocurrency-mining malware, which requires so much computing resource that it renders your network unusable.
They may grant themselves user privileges to access sensitive client information, launch denial-of-service attacks against your website, or interject themselves into email conversations between your company and your clients.
In 2021, software security company McAfee discovered a flaw in an IoT exercise bike manufactured by market leader Peloton. This flaw would have allowed a hacker to steal Peloton’s customer database, including users’ birthdays, genders, workout stats, weights, and ages, all because of a faulty API.
How high is the risk to businesses?
The financial and reputational costs of a cyberattack are significant even for large corporations, but for small businesses, a cyberattack could mean closing up shop.
“Overall, there’s going to be tremendous benefits to the Internet of Things – it’s exciting,” said Kevin Haley, director of Symantec Security Response. “We’re going to see all these different applications, but as a security professional, I’m seeing that there’s a headlong rush into this stuff without anybody really thinking through the consequences or the security aspects of it.”
A hacker could even access a small business’s network by hacking into its security system.
“Now, anybody who has an internet connection and some hacking skills can also view your most important stuff,” Haley said.
Roel Schouwenberg, principal security researcher at Kaspersky Lab, agreed. “All these new smart devices come with their own specific, new vulnerabilities, which can give attackers new opportunities. They may require new technology and approaches to protect properly. But people in small businesses will generally have their hands full covering their existing technology. Adding new, complex devices to the equation is going to make things a lot more difficult.”
When it comes to the Internet of Things, small and midsize businesses have to worry that hackers could access their networks through their connected devices.
The particular threat facing small businesses
Small businesses are particularly vulnerable to security risks because they don’t usually have their own dedicated security staff. If they’re lucky, the people they pay to do their computer work happen to understand it and look out for them, said Chester Wisniewski, senior security advisor at Sophos.
Most of them don’t provide that protection, though, leaving small businesses wide open to attacks.
“To a large degree, the best thing to do is not use all these connected devices, or at least to understand what the risk factor might be,” Wisniewski said. “I’ve seen people who have plants that tweet when they need to be watered. We’re hooking everything to the internet. The safest approach is to do what I do and just don’t plug this stuff in.”
Part of the security risk stems from these devices’ industrial control systems, which are often designed by people who do one thing very well. For instance, a system might be designed by a person who knows a lot about refrigerators or thermostats and designed the software so the appliance or device does all kinds of cool things, Wisniewski said.
BestWeb –
For further enquiries on any of our expertise or services, whether it is for website design & development, mobile application development, or digital media marketing, please feel free to contact or WhatsApp +6010-2200 660, email welcome@bestweb.com.sg or visit https://bestweb.com.sg Thank you.
