Your home security system. Air condition system. Your car. Why, even your coffee maker. Almost every imagine digital appliance is now connected to the Internet. The era of connected things has arrived.
IoT is no longer a science project that businesses are putting off for the future. It is a promise to a future that must be leveraged now. In fact, today, it is more difficult to find a coffee-maker or any home appliance without Wifi or Bluetooth connectivity. Not just at homes, even at corporations, connected devices has become a serious boardroom topic. According to DigiCert’s State of IoT Security survey 2018, 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years.
IoT can bring to businesses several benefits like improved operational efficiency, new revenue channels, business agility, and enhanced customer experience.
However, there are enterprise concerns that dwarf the possibility of gaining these benefits.
Among the top 4 enterprise concerns for IoT are security and privacy.
Source: DigiCert’s State of IoT Security survey 2018
How the Internet of Things can become the Internet of ‘Threats’
If not controlled, secured and monitored, the Internet of Things can go from smart connected things to a web of connected threats. Here are some ways how connected devices can go rogue.
#1 The connected risk of BYOD
Global corporations are losing no time in enabling their employees with BYOD (Bring Your Own Device) and WFH Work From Home working models. Although these working models amplify productivity, they also carry with them the risk of IoT.
For instance, an insecure connected device at an employee’s home can be hacked into by a hacker thereby gaining access to the office system. If the employee has failed to take adequate security measures for the office gadgetry, then it leaves the ground open for the hacker to seed an infectious malware, virus or anything malicious into the office network. That is the connected risk of BYOD which IoT creates.
#2 DDoS attacks
Source: DigiCert’s IoT Security Infographic
Do you know that insecure IoT devices can take down cities? IoT botnets combined with DDoS attacks can bring connected urban infrastructure to a grinding halt. This is not any sci-fi or fictional scenario. Hackers can track down IoT sensors, hack into their weak interfaces and run commands to shut down services or to hijack their functioning.
To cite a real-world example, cities like New York, Singapore, Barcelona, etc. are already running extensive public utilities with the help of IoT. IBM’s white paper - The Dangers of Smart City Hacking found more than 17 security vulnerabilities that make it “painfully easy” to take down large IoT-based urban networks. The security vulnerabilities included public default passwords, SQL injection, authentication bypass and so on.
#3 Premise Intrusion
Home security device shipments worldwide is expected to touch 700 Millions by 2019. According to Alarms.org, three-fourth of homeowners buy security systems that can be monitored through their mobile devices. While these systems saves time and provide convenience, they also become easy targets that hackers can infiltrate easily.
By hacking into the smartphone or a weak smart device, the hacker can take down the home security system thereby gaining access to the entire household. The same scenario applies to corporate offices as well, which makes IoT a certain Internet of Threats.
So, do these security threats mean that it is the end of the road for IoT app development? Not so. There are best practices that enterprises can embrace to insulate their IoT networks from vulnerabilities.
Best practices to establish security in IoT app development
IoT is a relatively new concept. The IT industry as a whole is yet to attain widespread knowledge and authority on its usage, maintenance and security. Here are some best practices that can help thwart the security risks involved in IoT app development.
#1 Review the risk involved
Having a brief idea of the risk landscape will help device a strategic security policy specifically for IoT devices. Penetration testing can be carried out to identify key vulnerabilities that should be addressed on high priority. For example, default public passwords is a vulnerability that can be resolved quickly without much ado.
#2 Setup device identity
Each device in the IoT network must be identified and tagged to grant secure access. Use secure over-the-air updates to keep the device security intact and in tune with the latest development.
#3 Encryption
More than the connected device, it is the data that it creates and exchanges that is of value. Every data exchange by the devices in the network should be secured with end-to-end encryption, code signing or with SSL certificates.
#4 Public Key Infrastructure
Public Key Infrastructure (PKI) can help create the basic framework required for authenticating device identities and for establishing the integrity of security patches. It also facilitates easier management of public-key encryption thus making it a perfect choice for establishing IoT security.
#5 Plan long-term
IoT is going to be here for the long-term. It is not any short-term fad that can be easily replaced. It is got a strong hardware presence which cannot be removed easily. Hence, any security measures made for IoT networks should be planned for the long-term.
What’s next?
With the promise of IoT comes several perils as well. IoT botnets can take down large-scale and sensitive connected networks, including urban infrastructure, home security systems, etc. McKinsey Global Institute estimates the economic impact that IoT can create to be in the range of $3.9 trillion to $11.1 trillion worldwide by 2025. But, the true economic benefit of IoT can be attained only if it is secured and insulated from security threats. To sum it up, security should be the bottom line of IoT app development. Without security, IoT can create more damage than the benefits that it can provide.
