IoT and cybersecurity, the next big crisis is knocking on the door
The Internet of Things revolution is not paying attention to the unusual security holes detected in thousands and thousands of connected devices. The alliance between IoT and cybersecurity will be indispensable to contain the threats posed by the Web
IoT and cybersecurity. Look no further. The revolution unleashed by the Internet of Things has all the tickets to become responsible for the next big cybersecurity crisis. The era of the smart may not be that smart.
So many signals have been received over the last few years… So many unusual security holes have been discovered in connected devices…
What should be a solid marriage between IoT and cybersecurity today isn’t even close to a relationship between distant acquaintance.
Hacked coffee machines, refrigerators parasitized to carry out denial-of-service (DDoS) attacks, hacked cameras that violate people’s privacy… And this is just the beginning.
The robotization of factories, a phenomenon known as Industry 4.0, will transform the landscape of the global economy around the corner.
Any security hole in the millions and millions of connected devices that will be installed in plants halfway around the world could end up having a global impact.
But the ability to introduce ransomware into a company through a security breach in a computer has already been amply demonstrated in recent years.
The OWASP Foundation, developers such as Avast or Kaspersky, organizations such as Incibe or researchers such as those at the University of California have insistently warned of the problem.
A problem that is graphically illustrated by the figures. According to a report by Bank of America, the number of connected devices worldwide will increase from the current 30 billion to more than 150 billion in about 7 years.
A perfect breeding ground for cybercrime.
So, in this context, letting the relationship between IoT and cybersecurity remain in the territory of equidistance is foolhardy. Or worse.
Gonzalo Carracedo, the director of Tarlogic’s Innovation department, explains it with a very eloquent expression. «It’s the synergy of catastrophe. If you have a device with a vulnerability but it’s isolated, that vulnerability stays there. But if it’s connected… The damage escalates to limits that we don’t really know about», he stresses.
Carracedo maintains that, from the cybersecurity point of view, the Internet of Things revolution represents a challenge that cannot be turned away from.
The Mirai warning
Recent incidents such as Mirai and Reaper have highlighted the risks associated with the era of smart devices. To the ability of bad guys to take control of hundreds of thousands of devices to achieve their goals.
Everyday devices such as surveillance cameras, coffee makers or refrigerators. Even Smart Tvs. Appliances that are now part of the everyday decoration of homes and businesses.
«It’s just that when you expose any gadget to the Internet, you can’t trust that it will be safe. Because we know it’s not», argues Carracedo.
At this point, the real crux of the matter comes to the fore. The need to place cybersecurity at the heart of the IoT universe, an element to which many authoritative voices have been drawing attention to for some time now.
«Cybersecurity cannot be a topping. A dessert to be added at the end of the connected device design process. It has to be at the heart of the engineering process because if it isn’t, we see what happens», warns Tarlogic’s Innovation Director.
In the end, and in view of what is happening, it poses a kind of cultural change that affects manufacturers and developers.
But also the users themselves, the vast majority of whom are alienated from extremely serious events such as massive data theft, invasions of privacy, and so on.
The statistics once again highlight the seriousness of the story. In eight out of ten malware attacks on IoT devices, the origin lies in the abuse of Telnet credentials or the use of ultra-used and unchanged passwords.
Or to put it another way. Completely ignoring the most elementary cybersecurity standards.
Haste and ignorance, the disaster cocktail
Behind these market behaviors, there is often haste, lack of knowledge or the need to save costs. «The lack of time associated with time to market is often responsible for this nonsense», says Gonzalo.
Certainly, organizations such as Incibe have worked on the issue and point mainly in two directions.
Firstly, costs. The need to save budget, investing resources in the functionality and usability of the gadget over security.
A lack of foresight that sooner or later is bound to be very expensive. And it will surely start to translate into a reputation crisis for some manufacturers or developers as the proliferation of attacks grows.
Secondly, the lack of knowledge. The lack of personnel specialized in cybersecurity who can project all the know-how they accumulate to the design of the connected device.
Gonzalo Carracedo focuses especially on this point. On the need for advanced cybersecurity services. An a posteriori security audits is not enough.
And he warns companies about the responsibility they have to assume when it comes to data manipulation. «When a customer tinkers with your device, you are responsible for the data you collect and process. And you must ensure its security», he concludes.
Enshrining the status quo doesn’t seem to be the right way to go now that the Internet of Things revolution has reached cruising speed.
Therefore, the time has come to take a step forward. You know…
–IoT, do you want cybersecurity as a partner?
Discover our work in www.tarlogic.com