IoT Risks, However, the benefits of IoT do not come without the risks inherent in this type of technology. In 2017, the first malware that demonstrated the vulnerability of the Internet of Things were presented.
Known by the name of Mirai, this malware accessed some connected devices using the passwords and usernames that are predetermined with the products. For these types of situations, it is always recommended changing the default information and customize it.
What happened after? According to Norton Security, the malware converted the affected devices into a botnet. It affected to facilitate a Distributed Denial of Service (DDoS). Attack which aims to overwhelm websites with Internet traffic. The attack ended up flooding one of the largest website hosting companies in the world.
Which caused the interruption of a variety of important websites and services for hours. This particular variety of malware is called “open source”, which means that the code is available for anyone to modify.
Because most IoT devices cannot have security software installed, such as an antivirus on your computer. They can be vulnerable to attacks. This is where your router (router) plays a very important role, as it is essentially the Internet entry point to your home.
While many of its connected devices cannot be protected. The router has the ability to provide protection at the point of entry, and provide a certain level of security, such as password protection, firewalls, and the ability to configure them to allow only certain devices are connected to your network.
The Challenges in CyberSecurity of IoT:
Due to the constant evolution of these technologies, it is very difficult to know what will be the scope of the advance of IoT in the services of the future. However, what can be intuited today is the large number of cybersecurity and privacy problems of user information that may affect them.
The relevance of IoT technology as an objective of possible threats that compromise your cybersecurity and privacy is mainly due to the fact that this technology uses and depends on everyday elements (smart watches, location applications, smart medical care systems, etc. . .) With the ability to transmit and process information over the Internet.
The collection of personal data of users is inherent in the operation of these IoT Risks. Regardless of the level of awareness of the user regarding the personal information that is being revealed with the use of these services, which is also a source of security problems.
In addition, the most used devices in IoT have related technical vulnerabilities in their authentication mechanisms, or in the encryption of the information they transmit. For example, there is a large amount of data that without proper encryption is transmitted over wireless networks, many of them public and lacking security.
Considering its impact on the security and privacy of citizens (data collection and processing may be uncertain for users). The threat landscape concerning IoT is extremely broad.
Learn more: IoT Workshop
Summary of IoT Risks and Weaknesses
Currently IoT technology presents a series of risks and vulnerabilities that could be summarized in the following:
Limited resources: Most IoT devices have limited capabilities in processing, memory and power, so advanced security controls cannot be applied effectively.
Security concerns are exacerbated since IoT Risks should not be seen as a collection of independent devices, but as a rich, diverse and broad ecosystem that involves aspects such as devices, communications, interfaces and people.
In some cases manufacturers may be inclined to limit security features to ensure low cost and therefore, product safety may not be able to protect against certain types of IoT attacks.
Lack of experience
This is a fairly new area, so there is a lack of expert staff in the field of cybersecurity IoT that does not have a previous history of threats or problems that allow to have some lessons learned applicable to this technology. There are simply some general rules that must be applied in this area in the appropriate manner.
Security flaws in the design of the device and its exploitation
The most common practice is that manufacturers focus on minimizing the time of product launching, sometimes neglecting essential aspects of cybersecurity (information encryption) transmitted, access controls, etc.) in many cases due to the need to anticipate the competition at launch.
Lack of control and information asymmetry
In many cases the user is not aware of the data processing carried out by the sensed devices. The conventional mechanisms used to obtain the consent of the users are considered “low quality” consents because in many cases they are based on the lack of information that the user receives about the subsequent processing of the personal data he is providing. In addition, this information may reach third parties without the user being aware of its dissemination.
Also, although it is not a specific IoT practice, the lack of control that exists in technologies such as cloud services and Big Data, even in the problem that arises from the combination of both, causes the lack of control and Information asymmetry is very present in the field of IoT.
Limitations on the possibility of remaining anonymous when services are used
The advancement of IoT technology will cause the loss of anonymity in the use of multiple services. Services in which today is assumed as something guaranteed.
To protect this anonymity, it will be necessary to improve access control and encryption techniques. And develop support techniques for the concept of Privacy by Design. And also avoid information inference and preserve the privacy of the user’s location.
Security versus efficiency
When it comes to balancing the optimization of the hardware resources of the device with the security requirements demanded by these devices, several challenges arise for manufacturers.
Since the marketing time pressure of IoT products is greater than in other areas. Limitations are sometimes imposed on efforts to develop safe devices.
For this reason, and sometimes also due to budget problems, companies that develop IoT products place more emphasis on functionality and usability than on security.
The lack of a clear assignment of responsibilities (manufacturer / service provider / user) could lead to ambiguities and conflicts in the event of an event affecting security, especially taking into account the large and complex chain of supply that involves the IoT. In addition, the question of how to manage security if a single component were shared by several parties remains unresolved.
The Internet of Things has arrived to stay. Security attacks on these types of devices, whether virus or cybercriminals, will be a constant event. That is why it is recommended to incorporate all IoT devices into the daily work procedures of Cybersecurity and use any of the following practical tips that are easy to apply:
- Take into account security aspects during the selection of IoT devices.
- Constant monitoring of the Company’s data network, and if possible, isolate IoT devices in specific networks for use,
- Perform proper password management, modifying the default username / password combination (if available).
- Track security updates that manufacturers release for the various IoT devices
Also Read: IoT Drives the Security Market