The world we live in is connected more than ever before. Billions of devices are connected through a growing network of the internet of things (IoT) in our homes, offices, hospitals and even our bodies. Technology developers rush to add new devices every day to the already bulging range of connected devices. Most of them claim to be cheap and easy to use for the users.
But this rush of new devices in the market comes at a cost. As manufacturers keep on adding to the connected devices, a little or no thought is given to the cybersecurity. This has resulted in a large number of completely insecure devices hitting the market.
How risky the IoT devices are?
Many of the IoT devices have significant vulnerabilities that can be exploited by the wider cybercriminal network for committing cyber crimes. Smart devices like smart home hubs, IP cameras, and even children’s toys have been found to be susceptible to exploitation by the cybercriminals. This huge number of insecure IoT devices was the key reason that led to the Mirai botnet attack in late 2016. This attack then caused a massive Distributed Denial of Service (DDoS) attack that disrupted the internet services across the world.
This incident showed how insecure devices could damage the system. Since then, governments and tech industry have been mulling over on how to ensure the safety of the connected devices on the internet. Many international bodies are conducting security conferences to plug the security holes before it is too late.
If we are serious, there are a lot of economic and other opportunities for businesses, digital society, and citizens if they play their role in securing these devices or there are clear signs of things getting worse in the near future.
The criminal opportunities presented by an insecure IoT is attracting more criminals to it and its real potential is still some way off. But it is just a matter of time before it blows out in full-scale IoT-related attacks.
Perhaps the bigger problem with IoT security is that the user is often unaware that his device has been hacked or infected with a malware. They don’t even know if this can happen. Most of the times these devices are plugged in and connected the internet and then simply forgotten. These devices do not receive regular updates and their default passwords also remain unchanged. Usually, the users would not know if their electric-cattle is being used for carrying out a DDoS attack and how to secure this device. But criminals know how to exploit them and they do this.
Hyper-connectivity means hyper-threats
The more connected we are, the more insecure we get. Hyper-connectivity is leading us to hyper-threats and these threats are smarter, faster, and bigger in every aspect. As is the case in every other thing, there is a dark side of every positive development. Our challenge is to contain and prevent the threats which are larger in scale with unprecedented impacts.
IoT is a very serious area of cybersecurity and global cooperation is the key to solving this issue. The problem is that the difference in capabilities across various areas in the world makes it vulnerable as a whole. In order to make the world more cyber resilient, we have to offer a better response to the cyber attacks. Cybersecurity is and should be the top agenda of every state.
This issue is far from being resolved as more and more devices are being added to the millions already in the market. Their users have no idea about how to keep these devices secure. We must learn lessons from the recent cyber attacks. Though patchy progress is being witnessed in some areas, the overall security situation remains the same as many years ago. Especially if you see this as a highly distributed system, not a lot has changed.
Is there a fix to it?
The first attempt must be made at the government level. IoT must be legislated with the best-practice approach. A policy on IoT must be flexible and economically reasonable. By keeping it flexible, we mean that a consumer must play his role to nudge their IoT security along the right lines.
Then there is a need to inculcate an “electronic common sense” among the users. By this we mean that people must be trained to live in an electronic world in an intuitive way. They must know that how it is to be reasonable and practical in their device use without following a procedure or anything.
To achieve this, the consumers and businesses will need to be taught about the parameters of a secure IoT device. They must be educated about not going for a cheaper product at the expense of their security.
IoT security is altogether different from traditional security. While we know the traditional ways of security really well, IoT security is an entirely different thing. IoT devices might look traditional structures but they are quite different from them and when we don’t know how to operate them, they become vulnerable.
For example, people often install IoT security cameras but do not know about their security. If the security is poor, it has the potential to be accessed by others or even broadcasted on the internet.
People think they are just plug and play devices. However, they are unaware of how powerful this device is and what threats it could bring forth. Being uninformed means, they are not going to ask any questions about the security. Raising this awareness will make people capable of asking questions.
Another problem is that the economy of selling technology does not fall in line with the economics of security. There is a poor understanding of the economics of cybersecurity globally. There is a commercial reason behind the dumping of insecure devices into the market. People want to make a lot of money out of them. The vendors and cybercriminals alike are making money out of this poor state of IoT security.
Finally, consumers, organizations, and products vendors must address the issue of IoT security as something that must be addressed now. If we take it as a problem of tomorrow, we are surely going to lose more than we gain from these devices.