How IoT will impact the IT security landscape

| 31st August, 2016

End point security will become a major challenge for CIOs

Advances in the area of IT have been happening at such a quick pace that science fiction is becoming science fact. Robotics, Artificial Intelligence, Augmented and Virtual Reality and the Internet of Things (IoT)—they are all here.

IoT is becoming a "thing": distributed technical architectures that combine sensors, intelligent systems, connectivity, platforms, and analytical capabilities. These IoT systems are evolving into fully formed use cases for remote health monitoring, connected cars, smart utilities, and many "things" that are poised to deliver great value and create new markets.

IoT is growing at a very fast speed because of the advent of IPv6 and the near ubiquitous Wi-Fi networks. It is estimated that by 2020, the number of active wireless connected devices will exceed 40 billion.

While IoT promises to deliver great value, the adoption and proliferation of IoT capabilities also bear new risks. Security is of paramount concern for many participants in the marketplace as they realize how usage scenarios may be affected by compromises to the confidentiality, integrity, and availability of the data as well as the productivity and propriety of the components themselves.

CIOs should be ready to handle IoT security challenges, especially from end point security point of view. The challenges could come from anywhere. It could be in the form of surreptitiously sniffing RFID, Bluetooth, and NFC communications or compromises to ATM machines, insulin pumps, heart pumps and, most recently, cars.

For cyber criminals, more connected devices mean more attack vectors and more possibilities for hacking. Researchers have found that there are critical vulnerabilities in a wide range of IoT systems: from baby monitors (cybercriminals can hack into them and monitor live feeds, change camera settings and authorize other users to remotely view and control the monitor), to taking control of Internet-connected cars (they can unlock the doors and even shut down a car in motion). Hackers can use the motion sensors embedded in smartwatches to steal information from users, or gather health data from smartwatch apps.

In the case of smart cities, hackers can potentially take control of a city’s power and water systems or shut down an entire city. There have been rumors of live cyberattacks against SCADA systems causing the large power outages in recent years, which probably are untrue but the danger is real.

CIOs have to be mindful of the key risks associated with smart devices: generally, they are difficult to secure and they pose a data exfiltration risk. Also, they are often overlooked for security patches, as they are accessed and managed remotely.

To deliver on the promise of the Internet of Things, CIOs must build security (in products) through strong software development practices and in-depth code reviews prior to shipping. But the complexity of these systems and the ongoing debate about what aspect of a system is "a bug or a feature" also mean that security solutions will be necessary to address some risks while IoT capabilities are in production.