Today’s businesses are full of things that connect to the internet, from electricity meters to lighting to fridges. In manufacturing and industry, networked devices monitor safety, productivity and maintenance needs, saving money, time and energy. What’s not to love?
Security for these game-changing IoT devices isn’t getting enough attention, argues Chris Kubecka, CEO of Hypatec and distinguished chair of the Middle East Institute in Tomorrow Unlocked’s video Internet of Things: When Devices Attack. In fact, poor IoT security has already claimed lives.
What is the Internet of Things?
IoT devices include any device that connects to a network. They’re often called a ‘smart’ something – like smart meters, lightbulbs and printers.
Noushin Shabab, Senior Security Researcher at Kaspersky, says, “The industrial Internet of Things could be worth a trillion US dollars by 2025. Companies like Airbus use IoT for predictive maintenance sensors in aircraft. It’s high risk – devices not regularly connected can’t receive updates, so are more easily hacked.”
“These devices are becoming common in homes and industry,” says Kubecka. “But most are not properly security tested, and many use outdated operating systems. It’s easy for attackers to exploit those and bring down entire businesses.”
What risks come with unsecured IoT devices?
Kubecka describes how in 2014, the German government reported a fatal hack into the network of a steel mill. Attackers flooded the network, and safety systems couldn’t operate. Three people were killed and many injured.
Other attacks are more domestic, like one Kubecka investigated in Saudi Arabia. “A company bought a bunch of new smart fridges from a supplier that didn’t security-test. A criminal gang exploited these fridges and used them for spam and manipulating the stock market.”
Businesses that IoT attacks have shut down often didn’t think they’d be a target.
But cybercriminals can use anyone’s data and systems for fraud and other money-making schemes, like mining bitcoin.
How businesses can better secure smart devices
“Makers and sellers of IoT devices must do their part to secure them,” says Shabab. She recommends they audit code, test for vulnerabilities and let users update and patch devices themselves rather than updating remotely.
Using security expertise helped smart prosthetic limb makers Motorica, who asked Kaspersky to review their device security. Kaspersky’s researchers found several vulnerabilities, letting Motorica protect their customers by closing security holes.
While IoT makers are getting more security conscious, businesses may already be full of insecure smart devices. Start with an audit of what’s connecting to the internet, disconnect anything that doesn’t need to connect and make sure connecting devices have strong passwords. If you supply IoT devices, use a secure-by-design gateway like Kaspersky IoT Secure Gateways (KISG.)