Number of IoT devices grows, security stays the same – almost non-existent
As the number of connected devices continues to increase the security levels of those newly connected devices stay the same – minimal or non-existent.
Various estimates say that by 2020 there will be anywhere between 25-40 billion connected devices in the world. This is a gold mine for hackers because all those connected devices, if not properly secured, become potential tools for different types of exploits, not least of which being DDoS attacks.
Just in the past year the internet has witnessed several big cyber attacks, in large part made easier by the big number of connected devices.
In 2016 the Mirai botnet managed to utilize 100,000 systems running Linux to initiate the 2016 Dyn cyber attack. The attack caused the internet to become unavailable for large swathes of Europe and North America and shut down the country of Liberia’s internet infrastructure. One of the things that made this botnet so dangerous was how it utilized IoT devices which in the past were traditionally non-digital, such as remote cameras and various sensors around the home.
Scary as it already looks, could this just be a warning of things to come?
The idea that previously non-connected devices could be used in a malicious way to execute cyber attacks had not been taken seriously. But as the number of connected devices with almost no security grows the prospect of a 1TB a second DDoS attack becomes not only conceivable but imminent.
So who is to take the responsibility for IoT security – manufacturers or users?
The answer is unfortunately not that straight-forward.
The manufacturers are under constant pressure of delivering as affordable product as possible, and unless they’re absolutely forced to implement security then they are very unlikely to raise their own costs to introduce something customers are not demanding.
On the other hand users are not aware or simply don’t care about security issues.
So whatever approach is adopted, it needs to be multi-pronged, focusing primarily on the manufacturers but not neglecting the consumer awareness. When a consumer realizes that the access to Facebook or Spotify is today not possible because of an attack made possible by an unsecured smart dishwasher, he might decide that IoT security is something that must be delivered.