The Internet of Things (IoT) is poised to transform our society and many countries, including Singapore, are starting to harness its potential to enhance the quality of life and improve business productivity. Currently, there are already 10 billion connected devices around the world and this figure is forecasted to skyrocket to 50 billion by 2020, seven times more than the world's population in 2014. However, mass adoption and utilization of IoT is hardly a bed of roses as 70 percent of IoT devices are susceptible to cyber-attacks. This means that we will be dealing with billions of hackable devices in the near future unless we start reinforcing IoT security today.
Growing Danger in the IoT Landscape
Although IoT's unprecedented degree of connectivity and automation can bring about immense convenience and business opportunities, it also presents cybercriminals with increasing opportunities to cause massive mayhem. One example would be the security breach at Target in the US late 2013. Using stolen network credentials from a single inconspicuous sensor that measures in-store temperate, cybercriminals were able to hack into the discount chain's network. As a result, a staggering 40 million credit cards were compromised, turning this IoT attack into the second largest credit card data breach in US history. Consequently, Target's reputation and customer confidence were damaged as well.
With more machines permanently plugged into the Internet and running autonomously in the field, they are not only vulnerable to cyber-attacks, the intrusions are also harder to detect and rectified promptly. To aggravate the situation, any single connected device can become an entry point for attackers. As such, IoT's exponential growth will provide cybercriminals with an unparalleled number of targets.
Protecting Your IoT Assets Today
IoT's vulnerability to cyber-attacks can very well undermine its market acceptance and impede its growth. In order to gain the people's trust and demonstrate the reliability of the IoT ecosystem, it is imperative for us to address the growing IoT security concerns. It is also equally important for us to consider and incorporate security into IoT now when it is still in their infancy trial phase. A "bolt-on" approach that installs security solutions after IoT deployments are rolled out en-masse will be too little too late. There will be too many weak links that can be exploited and too many vulnerabilities to be remedied.
One fundamental step that organizations can take to safeguard IoT is to strengthen the security of machine-to-machine (M2M) communications, the backbone of IoT. Engineers can take an integrated approach which leverages passive, active and reactive security measures to safeguard M2M devices.
- Passive security methods, such as tamper resistant mechanics, can easily prevent signal interception and thwart cybercriminals from performing easy "black box" analysis of the device.
- Active security processes, such as the Transport Layer Security-based encryption and certificate-based authentication, can deter potential perpetrators by making the devices exceptionally challenging to compromise.
- Reactive security measures can detect unauthorized intrusions and minimize the impact of attacks.
Sign up for CIO Asia eNewsletters.