Envisioning a tomorrow with IoT-as-a-service

by Apu Pavithran, Founder and CEO, Hexnode | Mitsogo


In 1999, when PayPal was dubbed the worst business proposal of the year, Hotmail accounts could be hacked with the password ‘eh,’ and ‘Who Wants to Be a Millionaire’ premiered on American television for the first time, Kevin Ashton coined the phrase “Internet of Things.” Little did he know that this moniker for his new sensor project, established with the intention of capturing his audience’s attention, would set off an IoT frenzy. Today, powering the very breath of smart homes and buildings, IoT’s application span numerous verticals, including automotive, telecommunication and energy, and has ingrained into aspects of our daily life.

Two decades since the inception of IoT, tonnes of data packets exchanged within the 13 billion devices dispersed across the network, and 1.5 billion attacks on the internet of things, yet many of the devices run on legacy cyber solutions. IoT devices operate in a harsh and remote environment, and currently, perimeter-based security postures are what we believe secures them. This notion makes it easier for hackers to bring the entire system down. Fortunately, technological advancements in endpoint management, artificial intelligence and zero trust cross the borders and are now capable of supervising IoTs.

‘Internet of Things’ AKA ‘House of Cards’

Though the term ‘Internet of things’ was popularized in 1999, the concept of appliances exchanging data and staying linked to the internet dates back to the late 1980s. What began as a bunch of university students working on their Coca-Cola vending machine to report on the number of coke cans available to save them from making the trek to the machine later evolved into the internet-connected toaster and then the internet-connected camera.

With the ongoing hybrid culture, the demand for intelligent connectivity has been widely proliferating across the globe.  And the connectivity of things has facilitated data to be accessed from anywhere via any device at any time. It has also improved communication, saving time and money spent for transferring data. Unfortunately, while networking remains the cornerstone of IoT, it is also its Achilles’ heel. The Mirai Botnet attack often dubbed the Dyn Attack, exemplifies how a single vulnerable IoT device with weak factory settings or hardcoded usernames and passwords could potentially bring down the entire network. One of the largest DDoS attacks launched on IoT was made possible by infecting computers with the malware Mirai. Once infected, they search for vulnerable IoTs, infiltrate them using a string of username and password combinations and convert them to a bot. The presence of a few vulnerable IoTs sparked a massive internet outage along the United States east coast.

Initially assumed to be the works of a hostile-nation state, this attack was, in fact, the product of two teenagers. Since then, the bot has mutated, giving way to variants such as the Okiru and PureMasuta. A bug within a single system could corrupt every other connected device.

IoT in the not-so-distant future

With mutating botnets in the field, it’s past time to reconsider the archaic security solutions on which we now rely. New threats will need new solutions. While OEM manufacturers’ lax security postures may have contributed to Mirabot assault’s success, relying on manufacturers to release a patch is not the sole approach. 

As the adage goes: you can’t control what you can’t see, so the first step a corporate must take to secure their IoT is to ensure comprehensive visibility. Network Access Control (NAC) solutions are already employed in today’s networks to help with zero trust security posture. With many devices linked to the IoT network, NAC assists enterprises in maintaining an inventory of the devices, enabling visibility into the device’s status. Secondly, a network segmentation approach could help minimize the attack surface. Using virtual local area network (VLAN) and next-generation firewall policies could implement granular segmentation keeping the IT assets segregated from IoTs. Segmentation doesn’t imply security. They must be real-time monitored and analyzed to eliminate risks of being compromised.

Enterprises deal with massive numbers of IoT devices that may be housed in far-flung regions of the world. Acquiring and maintaining data that passes across systems can be challenging. With a fleet of IoTs and plenty of data, the chances of being hacked increase. A Unified Endpoint Management (UEM) solution like Hexnode offers a myriad of baseline security features for managing, monitoring, and securing the IoT fleet. For example, a password policy could throttle the likelihood of setting a weak password. Automating patch updates and configuring security policies over the air could reduce the chances of being breached. The present UEM solutions might not manage every kind of IoT device. But those devices that run on versions of iOS, Android, Linux, Windows or Chrome are good contenders for unified management. UEMs integrated with passwordless authentication mechanisms, and zero trust have been developing. This could administer a broader spectrum of IoT devices.

Many businesses are currently focussing on AI (Artificial Intelligence) and ML (Machine Learning) for intrusion detection. The traffic patterns are analyzed, and those with the characteristic of an attack are flagged. Cyber Analysts find it challenging to monitor threats due to the generated volume of data and billions of devices present in space. With AI, vulnerabilities could be tracked in real-time and contained quickly. Based on previous experience, ML will create a solution and cripple threats before they enter the system.

Final note

With the revolutionizing of IoT in today’s fast-paced technology, the amount of data being dealt with is no longer what it once was. The ushering of a new era of 5G technology promises faster data transfers with reduced latency. Edge computing is another technology that works in concert with IoT. The edge, developed as a strategy for better data computing, minimizes the amount of data transported to the cloud, allowing for more effective analysis of data anomalies. The future of IoT is intertwined with the progression of artificial intelligence, development of the edge and volume of data collected. IoTs are still open to improvements, from manufacturing to connectivity, security and other areas. In 2022, the IoT industry will see accelerated adoption across many sectors, necessitating the need to reinforce the security frontiers. IoT operates on multiple levels, including endpoints, networks, and the cloud, and businesses will need to invest in multiple security levels to guarantee threat-free environments. Without security, the Internet of Things will be nothing more than an internet of threats. While the internet broadened the boundaries of development in the late 1960s, the internet of things will be an overall game-changer.