Originally Posted by Forbes – via forbes.com – February 7, 2021
The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internet. This incorporates physical objects communicating with each other including machine to machine, and machine to people. It encompasses everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital world.
By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average and that also amounts to trillions of sensors connecting and interacting on these devices. State of the IoT 2020: 12 billion IoT connections (iot-analytics.com). According to The McKinsey Global Institute, 127 new devices connect to the internet every second.
That is a whole lot of IoT devices and protecting such an enormous attack surface is no easy task, especially when there are so many varying types and security standards on the devices. The prevailing perspective from a security operations perspective on those billions of IoT devices is that anything connected can be hacked.
The IoT Connectivity Threat
Each IoT device represents an attack surface that can be an avenue into your data for hackers. A Comcast report found that the average households is hit with 104 threats every month. The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found. Cybersecurity report: Average household hit with 104 threats each month – TechRepublic
And unlike laptops and smartphones, most IoT devices possess fewer processing and storage capabilities. This makes it difficult to employ anti-virus, firewalls and other security applications that could help protect them. At the same time, edge computing intelligently aggregates local data, making it a concentrated target for sophisticated threat actors. Ransomware can also target applications and data in addition to IoT device hardware. In the third quarter of 2020, Check Point Research reported a 50% increase in the daily average number of ransomware attacks compared with the first half of the year. IoT Security Trends, 2021: COVID-19 Casts Long Shadow (itprotoday.com)
As there is a growing rate of IoT attacks, especially when trends of remote work and remote offices are factored. It is important to know and understand the threat landscape. The U.S. General Accounting Office GAO identified the following type of attacks as primary threats to IoT:
- Denial of Service
- Passive Wiretapping
- Structured query language injection (SQLi controls a web application’s database server)
- Wardriving (search for Wi-Fi networks by a person in a moving vehicle)
- Zero-day exploits