by Florian Riederer
From smartphones, smartwatches, connected cars, networked wearable medical devices, and so on, the highly connected world we live in has made normal, what still almost felt like science fiction 15 years ago. This wide array of networked devices, the internet of things, has enabled great leaps in efficiency, enabling us to get more done, and have more control than ever before. However, they have also opened up new attack surfaces that can be exploited.
Unfortunately, the early warnings of security experts about the theoretical opportunities for bad actors to infiltrate devices and cause harm has finally become the reality of our threat landscape. From the high-profile attack that shut down the Colonial Pipeline System this past May to hacks on domestic smart devices such as highjacked thermostats or baby monitors. Even devices that aren’t directly connected to the internet, but access it through mobile data are at risk, and this risk is expected to increase as the introduction of 5G will enable more and better-networked devices.
Some steps that can be taken to ensure the safety of your IoT network are just the same precautions we should practice with our internet and computer use in general. Employing password best practices and enabling multi-factor authentication goes a long way to provide more security. However, IoT devices have unique risks relative to computers and traditional attack surfaces. Because they are specialized towards specific functions, and to keep costs down, the overall computing power in many IoT devices is relatively small, and security protections would take up space that manufacturers are unwilling to allocate.
The threats posed by attacks on IoT devices are also unique. While traditional ransomware attacks extort the victim by preventing access to data, ransomware attacks on IoT devices can represent threats of imminent, physical, and widespread harm, particularly in attacks targeting industrial equipment, such as an attack in February on a water treatment plant in Oldsmar, that nearly released contaminated water to the 15,000 residents serviced by the plant.
Protecting ourselves, our organizations, and each other from the increasing number and severity of attacks on IoT devices will require clear and efficient network supervision and visibility to identify and respond to unauthorized access. If you want a more detailed overview of the contemporary IoT landscape, I highly recommend this white paper from our partners at Gigamon. If you would like to learn more about how Atlantic Data Security fits into your IoT security needs, please reach out to us at Info@atlanticdatasecurity.com.