There is a consensus among IoT research analysts and thought leaders about the potential of the IoT market opportunity. According to a recent IDC report, the installed base of IoT endpoints will grow from 9.7 billion in 2014 to more than 25.6 billion in 2019, hitting 30 billion in 2020.
However, there are also growing security concerns around this explosion of connected devices. A compromised IoT device is not only risky for the organization but also has long-term implications for overall customer confidence in its products and services. A study by Aruba Networks, covering 3000 companies across 20 countries, has revealed that 84 percent of companies have experienced some sort of IoT breach.
There is an inherent danger in exposing IoT endpoints to receive commands from remote servers. In a recent incident, 500 smart locks around the world stopped working after the company mistakenly issued an incorrect OTA update. This shows the potential downside of remote command and control capability when it is accompanied by a flawed security architecture and support capability.
The largest known DDoS (Distributed Denial of Service) attack involved nearly 150,000 compromised internet-connected closed-circuit television devices and digital video recorders. Hackers used these devices to overwhelm the servers of French internet service provider OVH with more than 1 Tbps of data.
Security concerns within the growing IoT ecosystem primarily center on the following:
Fear of being hacked:
Hackers have used IoT systems for a wide variety of nefarious activities, from diverting sewage water into lakes and rivers and killing marine life to taking control of a smart car from more than 10 miles away. While some of these have been conducted by researchers, many of them are genuine hacks that raise concern over the use of IoT devices.
Access to sensitive data:
The total volume of data generated by IoT will reach 600 ZB per year by 2020, 275 times higher than projected traffic going from data centers to end users/devices (2.2 ZB) and 39 times higher than total projected data center traffic (15.3 ZB). A big chunk of this highly confidential information will flow over public networks. Your asset data may reveal a lot more than you can imagine: how much energy is being generated and traded, as seen from your wind turbine; how efficient your fleet of mining trucks is; and where your assets are located. Even your energy meter may indicate whether occupants are at home or away.
A 14-year-old in Lodz, Poland hacked the city's tram system with a homemade transmitter that tripped rail switches and redirected trains, derailing four trams and injuring dozens. Elsewhere, in Ukraine, hackers compromised the information systems of three energy distribution companies and cut off electricity for around 230,000 people for one to six hours. These attacks are becoming increasingly common as more devices get connected to the IoT ecosystem.
Safety Risks for the public:
The case of the Lodz teenager proves the danger to the public from IoT attacks. Everything from transportation to electricity grids to factories is vulnerable to hacks. The damage that malicious elements can cause is easy to imagine.
While the many benefits of an IoT ecosystem far outweigh the risks, it is critical to ensure security concerns are addressed at every layer of the IoT chain. It is a business imperative to have an end-to-end security framework that factors in encryption, identity, access, authentication, authorization, logging, blacklisting, policy, and privacy. The bottom line is that if you want to draw benefits from IoT, make sure its assets and data pipeline are secured and governed by a robust security framework.