How many internet-connected devices do you have across your home and workplace? A 2016 survey from Sandvine found that the average North American household contained seven such devices, with laptops and desktops making up less than one-quarter of the total. Mobile hardware, namely phones and tablets, has taken center stage (smartphones alone are 30 percent of home internet traffic), while smart TVs and connected home devices (e.g., networked thermostats, security cameras, etc.) have also made inroads in the last few years.
The Internet of Things (IoT): A High-Risk, High-Reward Shift in Connected Device Strategy
The current trend is toward even more extensive IP network connectivity everywhere, particularly as the Internet of Things comes into focus:
- The Boston Consulting Group has estimated that $267 billion will be spent on IoT technologies in 2020. All components of the IoT stacks — applications, analytics and so on — are expected to have a 20 percent compound annual growth rate until then.
- There is major opportunity for IoT products in sectors such as healthcare. For example, according to McKinsey Global Institute, physicians could reduce the costs of treatment for chronic diseases by up to 30 percent through the use of in-home wireless sensors.
- Aggregation of several IoT analyses by McKinsey revealed that there were as many 10 billion “things” in the IoT through 2013, but that the number could climb to 30 billion by 2020, following a similar CAGR to Boston Consulting Group’s estimates.
However, if there is any potential fly in the IoT ointment, it is the host of security issues that it creates for both consumers and enterprises. Home and especially corporate networks have to adjust to the scores of new devices requesting access and potentially being used for malicious purposes, like being enlisted into a botnet for a distributed denial-of-service (DDoS) attack.
The Botnet Threat
More specifically, Since there are literally tens of billions of devices in the IoT, security teams face a basic challenge in ensuring that a critical mass of them does not become compromised. This is easier said than done, as demonstrated by the recent successes of the Mirai and Persirai botnets.
Mirai took advantage of poorly secured hardware such as internet routers and security cameras to fuel DDoS attacks that disrupted internet service for thousands of Deutsche Telekom customers in 2016. Persirai had a similar design, although it restricted its targets to IP cameras, which are infamous for their vulnerabilities.
3 Ingredients for Success in IoT Security
In this context of complex attacks against the IoT, having a secure and adaptable IT infrastructure is more important than ever. The vast scope of the IoT is ultimately a good reason to work with a trusted, experienced partner to design and implement all of the different parts of your network to ensure that your entire organization is well protected from the most common threats.
What does such protection look like in practice? It should empower IT personnel to:
- Swiftly identify and respond to threats.
- Draw upon tightly integrated security solutions.
- Have options to evolve their network as requirements change.
These three capabilities can be established through the implementation of specific tools such as Cisco Advanced Malware Protection (AMP) and Cisco Identity Service Engine, as well as ongoing consultations and reviews. The two Cisco solutions are helpful in detecting malware infections and unauthorized connections, which are common preludes to network-wide issues. Meanwhile, you need to stay on top of the unpatched vulnerabilities and outdated systems that are frequently exploited by botnets.
Indeed, many older IoT cameras and routers are exposed to exploitation via open ports and are shielded only by a set of easily guessable default login credentials. Operating systems, applications and plug-ins are also frequently out-of-date; a 2017 report from Duo Security found that more than half of Adobe Flash installations were not current and that Windows 7 (released in 2009) still had larger market share than 2015’s Windows 10.
Notably, Windows 7 was the main target of the recent WannaCry ransomware, which could resurface at much greater scale and with improved efficacy if it is redesigned for the IoT. Security researcher and inventor of the Blowfish cryptographic algorithm Bruce Schneier has sketched out the possibilities here, making a compelling case for proactive preparations of IT infrastructure right now so it is ready for a new wave of complex threats.
LaSalle Solutions offers a deep portfolio of security solutions for modernizing your network for the IoT. Visit our security page to learn more about your options.