Securing the IoT threat vector

Mark Hearn, director of IoT Security at Irdeto

Organisations today know that they need to have a cybersecurity strategy in place to protect their intellectual property (IP) and sensitive data from getting into the hands of cybercriminals.

However, a security strategy will only be effective if tailored to the threats that an organisation faces and many are failing to learn what they’re up against from a cybersecurity perspective. As a result, countless organisations do not properly implement the best cybersecurity approach and this, in large part, is why we are seeing increasing numbers of ransomware and malware attacks globally, says Mark Hearn, director of IoT security at Irdeto.

The problem is that the pace of change in business models has not been matched by the evolution of organisations’ approaches to security. As consumers increasingly demand flexibility, ease of access and convenience, not to mention delivery of services and content across a range of devices, companies are increasingly relying on connectivity.

While this is beneficial and critical to expansion of business opportunities, this connectivity also introduces vulnerabilities from more third-party sources, and this will only extend further with the proliferation of IoT services and devices. Hackers exploit these vulnerabilities to bypass safeguards in place to gain entry to a device, and from there apply pressure against a service or business.

The threat to businesses in relation to IoT is clear, but what about protection of IoT devices themselves and the services that run on them? Gartner has predicted that there will be more than 20 billion IoT devices by 2020 and the deployment model for IoT devices is very often build, ship and forget.

With the increased levels of connectivity to IoT devices, often deployed outside of a company’s IT security perimeter, manufacturers must now think about the protection, updates and upgrades of IoT devices as a critical part of their IoT security strategy. Threats are constantly evolving, so it is also crucial that IoT security is renewable and consists of diverse advanced security technologies, all reinforcing each other.

Ransomware beyond the PC

The threat to IT systems and PCs has been demonstrated spectacularly over the past year or so. In May, the WanaCrypt0r 2.0 ransomware attacks struck, followed quickly in June by a global attack that was originally thought to be a variant of Petya ransomware, but was subsequently determined to actually be malware.

As the threat evolves, we must realise that many IoT devices are also susceptible to ransomware and increasingly will be attack targets. The attacks against automobiles that we have seen to date are basic, but illustrate the ease with which a fleet or entire model year could be compromised and held for ransom. Ransomware is a whole different ball game that requires preparation and a robust cybersecurity strategy.

IoT as a concept is still a relatively early in its maturity across many industries and there are still many different versions of operating systems and chipsets controlling the various devices. With convergence and standardisation in the future, we will see a definite increase in threats to the IoT devices on the edge of our networks, which in turn, will become the risk battle ground for our businesses.

Ransomware attacks against factories and hospitals has had clear impact on the bottom line, as well as potentially putting consumer safety at risk. However, when it comes to IoT and automotive, we will also likely see ransomware attacks executed that threaten brand damage – the next generation of Ransomware will be about holding a company’s customers or their brand hostage in the hacker’s hopes of a bigger pay off.

Take the example of an expensive consumer appliance, or any other expensive consumer good that carries a warranty. Once critical mass is reached, an attack would only need to threaten the possibility of the appliance doing something strange to ensure a mass warranty call from consumers.

The potential brand damage and cost of replacement would likely motivate the manufacturer to pay a ransom based on the threat. When you throw in the potential for the attackers to make public claims about the vulnerability and its impact on consumers, brands will certainly be running scared.

Evolving your security strategy

With increasing vulnerabilities providing new targets for hackers, the “check box” security approach that many companies take today simply isn’t effective. Without knowing what you’re up against, an organisation’s approach to cybersecurity is destined to fail.

With a threat-risk analysis of how a hacker operates, organisations are more prepared to address cybersecurity challenges head-on by implementing the proper safeguards that secures their sensitive information, including an organisation’s IP and customer data.

It’s important to understand what hackers are after and how they gain access, despite security measures that are already in place. It is also important to disrupt a hacker’s business model by making it difficult to exploit vulnerabilities from IoT services and connectivity that exist in an organisation’s IT infrastructure. It’s not about making yourself un-hackable, as this is pretty much impossible, but it’s about making yourself unattractive as an attack target.

With this in mind, organisations must implement an ever-evolving defense in depth approach to cybersecurity on their edge devices (whether still in their network, or deployed to the consumer), and continually raise the security bar against the latest attack vectors. This approach needs to involve many layers of security being implemented throughout their product ecosystem, rather than just a simple perimeter defense or hardware-only security approach.

The first target for any attack is always going to be the least secure device (particularly pertinent in IoT) or system, so organisations must focus on making themselves more secure than the environment around them, to ensure the reward from any attack is not worth the investment in making it happen. Mitigating attacks against connected devices is crucial to the protection of their consumers, their brand reputation and, ultimately, their revenue.

The author of this blog is Mark Hearn, director of IoT Security at Irdeto

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow


Motive and Navistar partner to equip fleet operators with robust vehicle telematics data and insights

Posted on: July 1, 2022

San Francisco, USA. 29 June 2022 – Motive, the specialist in Automated Operations, and Navistar, a manufacturer and solutions provider to the medium-, heavy- and severe-service trucks industry, announced today a strategic partnership and future product integration that will connect Motive’s Automated Operations Platform with Navistar’s OnCommand Connection telematics and Advanced Remote Diagnostics solutions.

Read more

Seamless indoor cellular coverage has earnt its rightful place as a 4th utility

Posted on: July 1, 2022

“Network infrastructure including fibre broadband and Wi-Fi access points are factored into all new building projects from the outset, with mobile coverage infrastructure taking second place. Both should be given equal status in a world driven by tech,” says Colin Abrey of Nextivity.

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox