The number of devices connected to the “Internet of Things” is expected to reach approximately 30 billion by 2020, according to several estimates, an increase of 300 percent over the 10 billion that existed in 2014. Unless those devices are secured, they could represent billions of new access points that enable cybercriminals to attack government and business and harm critical infrastructure.
The race to adopt IoT technology, which can include connected devices like automobiles, garage doors and lights, represents a problem for consumers who fail to understand the security implications and for the organizations with which they connect. “You can be the best security guy in the world, if somebody’s running an app that you don’t know exists and it’s connected to your network, you’ve got problems,” former House Intelligence Chairman Mike Rogers, R-Mich., told the Cybersecurity Nexus North America Conference in Washington, D.C., on Oct. 19.
Sixty-four percent of U.S. consumers say they are “confident” they can control their information on IoT devices, according to a survey of more than 7,000 respondents released this month by nonprofit technology association ISACA. However, only 37 percent of IT professionals said they were confident they could secure the devices in their own homes, while 73 percent said they perceived a medium to high likelihood that a company was going to be hacked through an IoT device. Nearly half, 49 percent, said they did not believe their own IT departments were aware of all the devices connected to their networks.
Related Story: http://www.washingtonexaminer.com/article/2574118/
For the cautious IoT owner, securing devices can be an arduous process. “Consumers should be very familiar on how they connect to the Internet, make sure Wi-Fi is encrypted with complex keys and they should know how to monitor the devices connected within their home,” Javier Ortiz, a founding partner of Falcon Cyber Investments, told the Washington Examiner.
He said devices connected to a cloud service represent one of the biggest emerging threats. “In many cases, a person’s email is used to access the services. The developing thought is to have different email addresses and passwords associated with the devices. Imagine the potential nightmare if one email address is used with the same password for all the devices,” he said.
In such a scenario, one successful phishing attack on an email address could allow intruders to access to every device in a home, from the security system to the television.
Javier added that for his own devices, he was still “in the process of reconfiguring the network to ‘segregate’ traffic inside the network into the logical segments [to which] they belong. Televisions and phones are different traffic from computers.”
For consumers who have the technical ability to reconfigure their networks and carry out other security measures, as well as for those who remain blissfully unaware of the risks, increasing connectivity among devices represents an exciting future. For cybersecurity experts, business owners and government officials, it may look a little more troubling.
