2016 saw as many as 4,000 ransomware attacks each day throughout the year. This number is expected to increase this year. While most of the Internet of Things (IoT) enabled devices do not store sensitive information till now, hackers will find ways to reveal personal information soon.
Research firm, Forrester, estimates that IoT vulnerability and attacks in 2017 can easily surpass the scale of attacks like Heartbleed, “especially if multiple IoT solutions include the same open source component,"” according to their report.
IoT security remains a concern today. By 2020, organizations are estimated to spend as much as $267 billion on IoT security. So, how will 2017 stand out?
Primary focus area of IoT security in 2017
Here is what organizations will primarily focus on, this year, when it comes to IoT:
- Security of smartphone—Enabling IoT means people can track your daily behavior from the food you eat to the time you exercise for. The Federal Trade Commission and the Federal Communications Commission has brought out its own report on the IoT strategy it would employ this year.
- There will be more focus on endpoint devices and the process to make the security aspect more visible.
- More than 500,000 IoT devices are predicted to be compromised by 2017.
Keep up to date with all the information you need by subscribing to the 100TB newsletter at the bottom of this post.
In this context, here is a list of the top security trends for IoT in 2017:
#1. Distributed Denial of Service Attacks Will Increase.
The Distributed Denial of Service attacks (DDoS) has multiple compromised systems targeting a particular non-compromised machine by flooding it with traffic and making it inaccessible to users. Hackers target endpoints (end machine of a network—computers and surveillance cameras, for example), and in the past DDoS attacks have blocked operations of popular services like Twitter and PayPal. The services were disrupted for hours on end, and impacted millions around the world.
The Mirai botnet was one such famous botnet, targeting thousands of IoT devices.
#2. Risk between IoT devices and mobile phones will be greater.
Smartphones aren’t as safe as you’d think them to be. Data has been leaked through the popular apps like Snapchat before and with IoT enabled devices, hackers could get access to just about anything, from your PC to even your washing machine! Malwares like Mirai can get access to household appliances easily, and then using them for anything from information to making your home gadget a cyber weapon.
Mobile phones are at a greater threat- and unsafe applications may have hidden vulnerabilities. It’s easy for hackers to get access to sensitive details including banking information.
In fact, in a recent survey, 60% of organizations have confirmed that some or the other data in their organization has been leaked through unsafe mobile apps. Since IoT apps are harder to secure than other mobile apps, it’s more likely to be compromised..
#3. Safety certification will be more important than ever.
Authentication remains a key problem and often, lack of strong encrypted authentication techniques means that cyber criminals can easily exploit the vulnerabilities of a system that connects to these devices.
The Cyber Security Assurance Program (CAP) aims to set certification standards that are expected to drastically reduce the number of attacks that such devices currently face. CAP is aiming for a three level certification and having all three certificates is planned to secure these devices to a great extent.
#4. Newer products to improve IoT security.
There are security protocols already in place to improve IoT security. For example, API security – it deals with protecting transmitted data between devices, preventing them from falling in the hands of hackers. Other new similar technologies include biometrics authentication techniques, which will use facial recognition and fingerprints for giving access.
New products like encryption keys, and decentralized security devices, like the one from HYPR seem to be the answer to the IoT security needs. The company uses biometric security, and can be easily integrated into different employee and customer applications. You don’t need a password here – it’s secure biometrics that do the work.
Companies like Webroot are taking it a step further, and have come out with their own toolkits to battle the IoT security problem. The company uses an active threat intelligence mechanism to identify any IoT threats, as well as monitors user behavior to identify and protect devices. The company offers both inbound and outbound protection.
#5. Artificial intelligence will influence IoT development.
When it comes to collecting information through IoT enabled devices, organizations will increasingly look forward to using machine learning and Data Intelligence. It could be especially useful for industries like retail, which suffers 30% of annual losses simply because it cannot detect non-scanned items at checkout.
The right data could help organizations drive change and improve profits. Artificial intelligence would also drive in data security, as it would help improve the organization’s detection and response capabilities. It could potentially uncover threats on its own and block it, without the need of any human intervention.
If you like this try reading Big Data trends for Q2 2017.
Our take on IoT Security 2017:
To improve IoT security, we need better Public Key Infrastructure, which involves establishing the proper identity and authentication to avoid misuse and unauthorized access.
Companies like HYPR and toolkits like Webroot are aiming to do the following, and 2017 will be a big step to achieve a secure IoT system. What we need today is a better knowledge about the common types of IoT attacks and the best possible ways to protect them. As IoT is still in its infancy, the vulnerabilities are many, and it’s only having good security practices that will help users overcome emerging attacks.