In Blog

A study by Cradlepoint found that 32% of organizations, across a number of different industries, are already using IoT solutions to lower operating costs, increase productivity, expand to new markets, and develop new products.

Why only 32%? The likely answer is concerns over security. Forbes Insight notes that over 30% of companies feel that security is the greatest challenge when it comes to their IoT initiatives. So how can we keep such large and distributed IoT networks and their data secure? In this article, we’re going to examine the current state of IoT security, and some steps you can take to mitigate potential IoT security threats.

The threats against your IoT

IoT security, in its current state, faces two common types of threats: Distributed Denial-of-Service hijackings and ransomware.

A Distributed Denial-of-Service (DDoS) attack is when many computers are remotely controlled by an attacker and used to flood a server, network, website, or infrastructure provider with requests. This flood of requests results in the receiving system being overloaded and crashing. The Mirai botnet was a specific DDoS attack where innocent IoT devices like toasters and fridges were hijacked and used to crash the servers of Dyn, a company that is integral to the Internet connectivity in the United States. This attack resulted in Internet outages across the east coast of the US. These types of attacks are taking advantage of the sheer volume of insecure IoT devices being deployed in the world and using them for malicious purposes.

Ransomware is a type of malware that takes control of your data by encrypting it, so you cannot access it yourself. The attacker then ransoms your data back to you with threats of either deleting your data forever or publishing it online. Ransomware has become a serious threat to IoT networks for several reasons. The first is that IoT devices are always collecting, sending, and receiving large amounts of data that may be sensitive. Compounded on that is the fact that IoT devices have limited computing power. Unlike our desktop computers or servers, they can’t run powerful anti-virus software. This means they’re only as secure as the minimal amount of software shipped with them. Manufacturers easily overlook the importance of security, releasing devices with weak encryption standards, default passwords that are duplicated across many devices, and non-existent security controls and management options.

Your IoT can still be saved

While the security challenges of IoT may seem daunting and insurmountable, there are strategies and initiatives that are being employed to empower IoT organizations.

Backbone providers of IoT platforms are hardening the defenses of their systems and realizing the importance of data compliance in IoT. With so much sensitive data passing through IoT devices, platform providers are taking more care to prevent platform-level exploits as well as ensuring that applications available on their platforms are malware-free and safe to roll out.

Device manufacturers are also adopting new security protocols and authentication methods to create devices that are harder to infiltrate. This will help reduce the amount of DDoS attacks that utilize hijacked IoT networks. Stronger encryption protocols being implemented on IoT devices will ensure that resting data can be much safer from ransomware attacks.

Microsoft has approached the problem by recently releasing Azure Sphere, an initiative that will create new solutions to many of the current security threats. Azure Sphere combines new IoT microcontroller chips, a new IoT operating system, and new Azure-based cloud services to create a security-focused IoT platform that spans hardware, software, and cloud. Holistic initiatives like these could help drastically reduce the amount of security threats on IoT networks.

Wrap up

Organizations that are developing IoT initiatives are realizing that security needs to take a front seat on their projects. Get in touch with the Hanu Rockstars to discuss how your IoT initiatives can be secured and protected against attackers and threats.