The Rise of the Internet of Things

January 20, 2020

They are already here. And they might already outnumber us. Their proliferation is breath-taking, with an estimated population reaching 125 billion in the next 10 years. Internet of Things (IoT) devices are the faces of a societal digital transformation, poised to revolutionize the way we live, play, and work. But are we really in control of this exponential explosion of Internet-connected machines? And, what does this massive network mean from a security perspective?

There are many risks associated with IoT devices which could affect everything from wearables to the industrial control systems behind power grids. A new generation of malware is targeting gadgets faster than ever before. Indeed, the average time required to compromise a vulnerable IoT device connected to the Internet is now only five minutes.

Many IoT devices are online 24/7 and have significant bandwidth available, making them attractive targets for conscription into Distributed Denial of Service (DDoS) botnets. And, hackers can also use them as stepping-stones to compromise enterprise or home networks utilizing their backend connectivity.

As 5G becomes a reality, billions of humans and trillions of machines can take advantage of enhanced mobile broadband for a wide range of applications from emergency services to virtual reality. And to make matters worse, these devices have a long shelf life, which means obsolete and insecure IoT devices will be around for years to come.

Without a doubt, everyone faces an unprecedented technical challenge when it comes to managing IoT risk. Internet-facing IoTs represent only five percent of the total number of devices, however all devices represent a complex risk management problem due to their inherent nature:

The IoT market is fragmented, with many standards at play requiring different tools for monitoring and operations.
IoT devices have a small hardware footprint with minimal computing power, putting them out of reach of traditional agent-based security management tools.
They also contain numerous software stacks with proprietary technologies and formats, making maintenance almost impossible.
IoT manufacturers overlook engineering and security investments due to intense competition and market urgency. As a result, devices often come with hardcoded usernames and passwords, unnecessary services, and remotely exploitable vulnerabilities with no available patches.

Even as things start to improve, with vendors making software updates and patches available, these updates are not always practical. They don’t consider the device’s location, whether it can be updated remotely or requires physical access, and whether the user has the technical where-with-all or motivation to perform the update. There is a major issue here.

As such, network operators are finding an increasing need to identify the IoT devices connected to their networks. This will allow them to assess the level of risk, determine the nature of that risk and manage it appropriately. But this is no easy task because service providers need both broad and deep visibility into networks. Luckily, operators are working with trusted partners to get the visibility and monitoring capabilities they need across their evolving service infrastructure.

IoT devices are driving radical technological and cultural change, transforming our current IT landscape. They will fuel innovation in industries like healthcare, transportation and public utilities. Consumers are eagerly awaiting a smart future that features ultra-fast transfer rates and enhanced user experience.

Users and businesses will only be safe on these networks if service providers have effective oversight and security. Network operators must ensure privacy, availability and reliability so their systems can achieve their full potential.

Darren Anstee is Chief Technology Officer, SBO International, NETSCOUT. Anstee has 20 years of experience in pre-sales, consultancy and support for telecom and security solutions. As Chief Technology Officer, SBO International, at NETSCOUT, Darren works across the research, strategy, and pre-sales aspects of Arbor's traffic monitoring, threat detection and mitigation solutions for service providers and enterprises around the world. He is an integral part of Arbor's Security Engineering & Response Team (ASERT).

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

The Rise of the Internet of Things

Recent Articles by Darren Anstee

Disappearing DNS: DoT and DoH, Where one Letter Makes a Great Difference

Security Magazine

2020 October

The Rise of the Internet of Things

Recent Articles by Darren Anstee

Related Articles

Report Abusive Comment