The Internet of Things is fast becoming a ubiquitous part of modern society. Everything from your TV, to your light bulb, to your kettle is now able to be connected to the internet, and although this may mean short-term gratifying convenience, it may spell for a longer term pain. With the rise IoT attacks over the past year, your kettle could end you up in some hot water with cybercriminals.
According to a report from Business Insider, the prevalence of the Internet of Things is set to explode within businesses by 2020, with $3 billion estimated to be spent between 2015 – 2020. This investment will see over 11 billion connected devices installed in businesses within the same period, delivering a return on investment of $7.6 billion five years later in 2025.
This movement towards IoT is also reflected in the consumer market, with $900 million estimated to be spent by consumers between 2015 and 2020. There are set to be 5 billion IoT devices owned and connected by consumers by the same time frame, with every new IoT device a new opportunity for cyber criminals wreak havoc.
What does this mean for businesses?
The threat for businesses lies within the susceptibility of the end-user. When employees connect their work phone, their laptop or any other wireless device between both their home and office networks – and any other network, for that matter – they risk becoming a Trojan horse, potentially transferring harmful malware and viruses between each network.
With these devices now set to manage over 5 billion IoT devices by 2020, and the increased dailiness of IoT, the security risks relating to IoT are changing rapidly. In today’s world of “always on” technology and not enough security awareness on the part of users, cyber-attacks are no longer a matter of “if” but “when”.
Effective IoT cybersecurity is increasingly complex to deliver as existing security defences are coming under increasing pressure. Point solutions, in particular antivirus software, IDS, IPS, patching and encryption, remain a key control for combatting today’s known attacks; however, they become less effective over time as hackers find new ways to circumvent controls.
Most organisations already know that there are threats to their information and operational systems, as well as for their products — the step beyond is to understand the nature of those threats and how these manifest themselves.
How can you protect yourself?
So how can organisations ensure that connected devices within the office are not weakening their defence against scrupulous, albeit intelligent, cyber criminals?
- Start by drafting a cyber threat intelligence strategy that supports all key strategic business decisions
- Extend that strategy beyond the organisation itself for a more 360 degree approach so as to include partners, suppliers, services and business networks
- Adopt a cyber economic approach — Look at what value your organisation’s vital assets bring and invest specifically in their protection
- Harness the power of data and forensic information to analyse where the likely threats are coming from and when
- Ensuring that everyone including CEOs and junior employees within your organisation fully understands the threats, challenges and the defence strategy. Accountability is paramount to the success of any cybersecurity solution
No organisation or government can ever predict or prevent all (or even most) attacks; but they can reduce their attractiveness as a target, increase their resilience and limit damage from any given attack.
Justin Peters is the Technology Solutions Director APAC at Sophos.
