The IoT is growing more pervasive every day, as it becomes increasingly difficult to avoid interacting with an interconnected web of smart devices. By 2017, the number of interconnected devices on the IoT already exceeded the world population at 8.4 billion, and analyst firm Gartner estimates that number to grow to 20.4 billion devices by 2020.1
From one perspective, this is a highlight of contemporary innovation – our lives are becoming easier and more streamlined through the use of technology. However, the IoT brings with it a host of new challenges in the realm of cybersecurity.
Those sensors in your running shoes can also be used to track your movements, revealing your exact location to anyone with access to the code. A hacker could open your smart front door remotely, or take the wheel of your driverless car. With a malicious coder behind the keyboard, even your trusty Alexa could start making some very questionable Amazon orders on your behalf.
Balancing the Potential and Pitfalls of IoT
To be fully equipped for a future of IoT, you have to consider that every device in the network can execute code, and can therefore be hacked and used to execute malware.
As the IoT becomes more integrated with our daily lives, it builds a growing cache for massive amounts of sensitive information, making the IoT an attractive target for would-be cyber criminals. Because the network is always online, it’s available day and night to malbots, constantly scanning for vulnerabilities and unlocked doors in your cybersecurity system. This year, Gartner estimated that 20% of organizations experienced at least one IoT attack in the past three years.2
Geolocational Data Breaches
Through geolocation data technology, your exact location can be pinpointed and shared in the blink of a keystroke.
In 2017, inadequate security measures in Amazon’s S3 cloud storage service resulted in a massive data leak, where more than 540,000 GPS tracker devices’ data was found to be available online. Along with personal information like usernames and passwords, the leak also released vehicle license plates and GPS logs, revealing a full location history for each affected vehicle on the network.
Monitoring app mSpy is a modern parent’s dream, allowing them to keep tabs on their children’s location and internet activities. However, poor security compounded by a lack of end-to-end encryption-based protection lead to a massive data leak in 2015. Hundreds of gigabytes of sensitive data were leaked, affecting more than 400,000 customers.3
Developing a strategy of Cyber Resilience
The architects of the IoT network have the difficult task of predicting these vulnerabilities before a cybercriminal does. To ensure the safety of businesses and consumers, cybersecurity must be thought of as an integrated aspect of product design, not an afterthought implemented at the end of the design process.
Alex Drozhzhin observed that developers of IoT devices “face realities of a brand new world they know nothing about,” and don’t recognize the need for security. “For an average user, a connected microwave is still just a microwave. A user would never imagine it is a fully equipped, connected computer which has means of influencing the physical world.”4
Cybersecurity experts need a holistic approach to the security strategies protecting the Internet of Things. Being cyber secure doesn’t stop with a good security system, but builds over time into cyber-resilient strategies that can dynamically reshape to meet the challenges of new cyber threats as they appear.
The Harvard Cybersecurity online short course equips cybersecurity professionals with the skills to design, implement, and maintain a holistic cyber security strategy in any organization.