They are already here. And they might already outnumber us. Their proliferation is breathtaking, with an estimated population reaching 125 billion in the next 10 years. Internet of Things (IoT) devices are the faces of a societal digital transformation, poised to revolutionize the way we live, play, and work. But are we really in control of this exponential explosion of Internet-connected machines? And what does this massive network mean from a security perspective?
There are many risks associated with IoT devices which could affect everything from wearables to the industrial control systems behind power grids. A new generation of malware is targeting gadgets faster than ever before. Indeed, the average time required to compromise a vulnerable IoT device connected to the Internet is now only five minutes.
Many IoT devices are online 24/7 and have significant bandwidth available, making them attractive targets for conscription into Distributed Denial of Service (DDoS) botnets. Hackers can also use them as stepping stones to compromise enterprise or home networks through their backend connectivity.
As 5G becomes a reality, billions of humans and trillions of machines can take advantage of enhanced mobile broadband for a wide range of applications from emergency services to virtual reality. And to make matters worse, these devices have a long shelf life, which means obsolete and insecure IoT devices will be around for years to come.
Without a doubt, everyone faces an unprecedented technical challenge when it comes to managing IoT risk. Internet-facing IoT devices represent only five percent of the total number of devices; however, all devices represent a complex risk management problem due to their inherent nature:
- The IoT market is fragmented, with many standards at play requiring different tools for monitoring and operations.
- IoT devices have a small hardware footprint with minimal computing power, putting them out of reach of traditional agent-based security management tools.
- They also contain numerous software stacks with proprietary technologies and formats, making maintenance almost impossible.
- IoT manufacturers overlook engineering and security investments due to intense competition and market urgency. As a result, devices often come with hardcoded usernames and passwords, unnecessary services, and remotely exploitable vulnerabilities with no available patches.
Even as things start to improve, with vendors making software updates and patches available, these updates are not always practical. They don’t consider the device’s location, whether it can be updated remotely or requires physical access, and whether the user has the technical wherewithal or motivation to perform the update. There is a major issue here.
As such, network operators are finding an increasing need to identify the IoT devices connected to their networks. This will allow them to assess the level of risk, determine the nature of that risk and manage it appropriately. But this is no easy task because service providers need both broad and deep visibility into networks. Luckily, operators are working with trusted partners to get the visibility and monitoring capabilities they need across their evolving service infrastructure.
IoT devices are driving radical technological and cultural change, transforming our current IT landscape. They will fuel innovation in industries like healthcare, transportation and public utilities. Consumers are eagerly awaiting a smart future that features ultra-fast transfer rates and enhanced user experience.
Users and businesses will only be safe on these networks if service providers have effective oversight and security. Network operators must ensure privacy, availability and reliability so their systems can achieve their full potential.