Let’s come straight to the point stating that the connected world stands on the cusp of more critical vulnerabilities. From January to June in 2021, some 1.51 billion breaches of Internet of Things (IoT) devices took place and these numbers just seem to get more glorified in the coming time. Most attackers brokered access to IoT networks via the telnet protocol, a command-line interface that enables remote communication with a device or server.
Kaspersky found that more than 872 million IoT cyberattacks — or 58% – leveraged telnet, many with the intent of cryptocurrency mining, distributed denial-of-service (DDoS) shutdowns or pilfering confidential data.
The internet of things (IoT) security market is poised to grow by USD 80.94 bn during 2020-2024 progressing at a CAGR of 37% during the forecast period.
What is IoT security?
IoT security refers to the methods of protection used to secure internet-connected or network-based devices. The term IoT is incredibly broad, and with the technology continuing to evolve, the term has only become broader. From watches to thermostats to video game consoles, nearly every technological device has the ability to interact with the internet, or other devices, in some capacity.
IoT security is the family of techniques, strategies and tools used to protect these devices from becoming compromised. Ironically, it is the connectivity inherent to IoT that makes these devices increasingly vulnerable to cyberattacks.
Because IoT is so broad, IoT security is even broader. This has resulted in a variety of methodologies falling under the umbrella of IoT security. Application program interface (API) security, public key infrastructure (PKI) authentication and network security are just a few of the methods IT leaders can use to combat the growing threat of cybercrime and cyberterrorism rooted in vulnerable IoT devices.
Supply Chain Attacks
With growing digitalization across the supply chains, this sector seems to be in a critical stage of transformation. Today supply chain managers need to act round the clock with automation and humans working toe to toe. Thousands of cases today are rovering across the supply chains as this has become the real market propellers and disrupting or attacking the supply chains can hurt the whole company’s business model. From deploying advanced software and hardware tools and equipment’s; supply chains have invited major vulnerabilities across organizations. The first widely reported supply chain attack occurred over a year ago when a SolarWinds vulnerability compromised dozens of critical network operations across industries and the federal government. Since then, we have seen more attention in this area, along with growing concerns and actual vulnerabilities and exploits in open-source code.
When vulnerabilities are announced in open-source software, which can be used by many applications, the damage can be just as, or even more, extensive than single-vendor software. It depends on how widely used the library component is. This was the case with the December disclosure of the Log4Shell vulnerability. Log4Shell was found in the Apache Log4j (pronounced log-forge) open-source logging library, widely used in commercial applications and large online platforms. Due to the simplicity, attackers were able to quickly launch attacks ahead of remediation and patch efforts across the globe. One of the largest ransomware groups was able to use the exploit within a week, executing an attack against VMware vCenter deployments.
Today’s Emerging Threats
Shoring up cyber defences in OT and IoT environments requires a multi-pronged approach that often includes complementary technologies, well-defined oversight and processes, and necessary security hygiene. Too often, overburdened security teams allow human error to compromise even the most advanced defences with weak passwords, misconfigured networks and devices, or social engineering. Many ransomware attacks begin with a naïve user clicking on a malicious email link in an otherwise well-defended network.
Network segmentation is another fundamental component of a cyber-defence strategy designed to prevent the spread of malware to critical applications and OT processes. Several technologies are useful to segment networks, such as VLANs and firewalls depending on the environment and policy requirements. In OT networks, the Purdue Model is one way of creating network zones that align with process elements and system function. However, too often we encounter organizations with completely flat networks (minimal segmentation), where easily compromised systems with mission-critical applications and processes have little or no isolation.
The Pandemic Outbreak Invites More IoT Security
The COVID-19 pandemic outbreak has disrupted many industries, such as the Internet of Things (IoT) security product market. Many private, as well as government organizations, have allowed their employees to work from home amid the lockdowns, which has created the need for monitoring the network security proactively, as people are remotely connected consuming enterprise resources and sharing documents using collaboration tools. For Instance, East Asia accounted for 42% of the total installed connected devices such as smart meters, and among others, in 2019, which is estimated to increase in the forecast period for remote monitoring of the infrastructure during times of such pandemic. Business is increasingly adopting security solutions to manage such security risks in the new home-working environment. Amid the COVID-19 pandemic, there has been led IoT healthcare security solution providers to quickly render solutions for combatting the increasing demand for a high-quality solution for protection against the COVID-19 virus. The growth of the Internet of Things (IoT) security product software solutions will be profoundly impacted in different applications, such as Machine-to-Machine (M2M) communication, Vehicle-to-Vehicle (V2V) communication, and among others.
Adoption of IoT devices in the Medical Sector
Enterprises are required to upgrade their health IT infrastructure for shifting to the Internet of Things and to keep up with the increasing adoption of connected medical devices. This technological advancement enables patients and service providers to enable more efficient management and security measures of information and data in the healthcare sector. At the same time, the adoption of connected devices has loopholes for hackers to steal data such as patient records and also conceal services being offered by healthcare service providers. As a result of such cyber threats, healthcare organizations adopting connected medical devices also prefer adopting cyber security solutions.
- Lack of regular patches and updates and weak update mechanism
- IoT products are developed with ease of use and connectivity in mind.
- They may be secure at purchase but become vulnerable when hackers find new security issues or bugs.
- If they are not fixed with regular updates, the IoT devices become exposed over time.
- Let us explain this IoT security concern with Satori.
- Satori is another malware that spreads and acts similarly to Mirai.
- Satori delivers a worm so that infection can spread from device to device with no human interaction.
- First, it doesn’t just spread via credential guessing but has been found to target known vulnerabilities in specific ranges of WiFi routers.
- Second, Satori has been discovered infecting smart processor architectures previously ignored by IoT malware, SuperH, and ARC.
What’s the Magic Formula Here?
Responsible manufacturers should go the extra mile to fully secure the embedded software or firmware built into their devices. They will release security updates for their IoT devices when vulnerabilities are discovered.
Enterprises can then provide critical security updates to IoT devices in the field.
Network managers should also pay special attention to update mechanisms, including only signed updates and encrypted exchanges for authenticity.
Unexpected firmware updates have taught developers some hard lessons about the importance of a well-planned Firmware Over the Air (FOTA) strategy.
If you’re eager to use Low Power Wide Area network technologies (LPWAN), incremental FOTA solutions should be explored.
It comes as no surprise that California’s and Oregon’s IoT cybersecurity laws (effective 1 January 2020) or the UK’s proposed IoT cybersecurity law (2020) require the IoT devices sold in their respective territories to be fitted with “reasonable security features”.
These include unique passwords, regular security updates, and vulnerability disclosure, in particular.
Indian IoT Market
The Indian IoT market is expected to reach US$9.28 billion by 2025 from US$4.98 billion in 2020, driven mostly by changes in enterprise behaviour triggered by the COVID-19 pandemic and verticals’ focus on automation are driving the market.
According to the latest analysis by Frost & Sullivan, the growth of IoT adoption in the country is backed by strong connectivity and coverage, rising internet penetration, a surge in smart applications adoption, new business models, and government initiatives such as smart city projects.
India offers multiple opportunities for IoT providers, and the country’s IoT ecosystem is expected to continue growing to offer entire new streams of revenue. Market participants should focus on:
- Private long-term evolution (P-LTE) for enhanced security: Indian telcos should focus on marketing the benefits of P-LTE to create awareness and approach enterprises with vertical-specific P-LTE solutions.
- Real-time operational intelligence for heightened risk and compliance management: IoT providers must develop hardware and applications that are interoperable and pre-integrated to offer brand-agnostic IoT solutions.
- Visual matrix solutions for improved CX: IoT providers should establish partnerships with visual surveillance system original equipment manufacturers (OEMs) to jointly offer in-store, live consumer analytics along with core security solutions.
- IoT as a Service for Smart Diagnostics Laboratories: Starting with open source-based IoT solutions can reduce costs substantially and encourage the adoption of smart laboratories as a service.
