By Vishal Bhawnani, Practice Head – Cyber Security Assurance at ProVise Secure Lab
Introducing IoT technologies within organisations is a benefit to the information technology domain. This growth carries several advantages as it will change the way technologists carry out everyday tasks and potentially transform the technology and cybersecurity landscape.
But these advantages are weighted with some cybersecurity risks, as the increase in IoT technologies motivates hackers and cybercriminals to aim for entry points so that they can craft an attack for their lucrative gains.
Potential cybersecurity risks to get introduced within any organisation due to IoT technologies can be classified as follows:
Data theft and data privacy
The sheer amount of data that IoT devices can generate is staggering. As per the Federal Trade Commission global analysis, 10,000 IoT devices can generate 150 million discrete data points every day. This creates more entry points for hackers and leaves sensitive information vulnerable.
The proliferation of IoT has enabled the collection of big data. Smart sensors are gathering information for use in machine learning algorithms to add value to businesses and promote informed decision making.
Even if precautions are taken to secure data, the level of sophistication exhibited by cyberattackers is remarkable. Attacks can be crafted not just from public networks but from private sources such as cars, smartphones and even smart homes.
Complex IoT architecture magnifies cyberrisks
By connecting a greater diversity of IoT devices to networks, this brings with it the associated risks. To put this into perspective, there are more than three billion smartphones currently in use globally and eight billion IoT devices. The scale is substantial and it is only growing. As per Gartner, over 20 billion IoT devices [are likely] to be connected through networks by 2020 which can be hacked or compromised.
Hackers could use a connected device to virtually invade a person’s home or any smart devices. Researchers accomplished this by intercepting unencrypted data from a smart meter device to determine what television show someone was watching at that moment. Unauthorised physical access to smart devices; deliberate manipulation of an IoT operation.
Other cybersecurity risks are:
- Theft of personally identifiable information from manufacturer or third-party storage systems
- Extortion enabled by ransomware that renders inoperable of IoT smart device until a ransom is paid. The risk of ransomware has so far affected ordinary individuals, hospitals and other institutions
- Hijacking IoT systems to enable malicious cyberactivity: if the systems are/would be used as command and control infrastructure for illicit cyberactivity
To conclude, the above-mentioned cybersecurity risks within organisations are due to introducing IoT technologies. However, these IoT technologies support modern organisations in balancing the cybersecurity risks by:
- Secret Handshake which will balance data theft and privacy cybersecurity risk
- Usability of pattern recognition that will balance or mitigate the risk of ransomware affecting the organisations
- Increase of cloud computing will lead as a frontier from technology aspects which balances the risk of hijacking and data security between systems/applications
- Complex IoT architecture will resolve the culture of remote connectivity to networks which should balance the risk of eavesdropping