Cyber-attacks has grown leaps and bounds in the last one year in the IoT world. Many IoT devices lack stringent security measures and this makes it easy for the cyber attackers to exploit the vulnerabilities. Some of the classic cyber-attack cases that has happened in the recent past are
Cars: Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they managed to take control of the vehicle remotely. In the UK, thieves hacked keyless entry systems to steal cars. Cars have become a common target for cyber criminals.
Smart homes: Every smart home is vulnerable to cyberattacks. The most common cyber-attack is on the doors of smart homes where the cyber thieves use a remote online unlocking mechanism to open smart home locks. Thieves can even hijack CCTV cameras and watch all that happens inside your house.
Medical devices: This is a horrible thing to even imagine in the wildest of our dreams. Imagine that you are getting your insulin shot and suddenly a high dosage is inserted into your body because of a cyber-attack. All the medical devices are prone to cyber breaches these days.
Embedded devices: Millions of everyday devices, including routers, webcams, and Internet phones, share the same hard-coded SSH and HTTPS server certificates, leaving more than 4 million devices vulnerable to interception and unauthorised access.
These breaches will continue to happen in future too. IoT devices will be the most preferred route for cyber criminals to attack individuals and organisations. Given the present poor state of security in IoT devices, they will present an increasingly attractive target to criminals who look for easy targets in the same way that burglars prefer houses without alarms or watch dogs.
Removing the "IN" in Security of Things
Effective security requires layers of security built into devices and the infrastructure that manages them. The key to understand the nature of threats in the IoT world are
- Authentication (Strong SSL/TLS encryption technology)
- Code signing
- On-device security (such as Embedded Critical System Protection technology)
- Analytics
- Auditing and
- Alerting
Some threats are more dangerous than others are, and while a mobile phone may be an inconvenience, a vulnerability in your car may present a more serious danger. Similarly, a backdoor in a medical device may give cyber criminals access to medical records, which may lead to fatal injury or potentially even death.
IoT device manufacturers need to prioritize security and find the right balance between innovation, ease-of-use, cost, and time-to-market constraints. Consumers and companies that use IoT devices need assurance that those devices are secure. Internet of Things will have to be translated to Security of Things.
What are the cyber breaches that you have encountered in the last one year? How did you overcome it?