By Srini Vemula, Global Product Management Leader at SenecaGlobal
The Internet of Things has a security problem that, left unchecked, could become a full-blown crisis. For businesses increasingly reliant on IoT and the partners who serve them, the answer isn’t to fall back on traditional cybersecurity methods. Just as the IoT poses new threats, it demands new solutions.
The use of connected devices has grown enormously in the past few years, and deployments are only on the rise. According to a 2017 Gartner report, there are 8.4 billion connected devices in circulation around the globe — a number that’s expected to rocket to more than 20 billion by 2020.
For a long time, discussions about IoT-based damage to businesses remained largely hypothetical. But over the past year, those theoretical threats have materialized into something very real. The problem came into stark focus with the emergence of Mirai, a botnet designed to attack vulnerable IoT devices. From DVR boards to smart cameras, Mirai ended up infiltrating roughly 100,000 connected devices. The creators of the botnet then used the commandeered devices to overtax a major DNS service provider, leading to major website interruptions and outages across the country.
Mirai laid the groundwork for a host of new IoT-based threats. As research conducted by Kaspersky Labs revealed, IoT-specific malware programs have doubled between 2016 and 2017 — and that number is expected to do nothing but rise. Attackers are becoming more sophisticated and insidious, with new malware strains like Reaper and IoTroop posing unprecedented threats to IoT devices.
At the same time, your customers are ramping up their deployments of IoT. According to the Gartner report, while consumers use more connected devices, it’s businesses that are doing the majority (57 percent) of IoT-based spending as they apply IoT technology to increasingly enterprise-critical functions. As a partner, you can’t just install and connect sensors and walk away. You need to help customers secure new devices, provide education and make sure older nodes aren’t owned. As cybersecurity expert Brian Krebs points out, there may be 1 million organizations that already have been compromised as a result of IoT attack malware.
For partners, the challenge with IoT security is that the requirements are different from typical IT systems. One key issue is the inherent degree of connectedness among IoT nodes, whether they’re communicating with gateways or with other devices in the area. This interconnectedness is core to the value proposition of IoT. It also means that malware has the potential to spread quickly from device to device.
The other hurdle with defending IoT devices is that standardized security solutions, like multifactor authentication, often can’t be applied. If, for instance, your customer has 100 intelligent sensors remotely dispersed, it won’t be feasible to have multifactor authentication attached to every sensor. This is especially problematic given that the majority of IoT-based attacks so far have begun with bad actors targeting insecure passwords.
In addition to these unique challenges, IoT device providers haven’t prioritized security to a needed degree — or sometimes any degree. Instead, they’ve focused on …