The Internet of Things (IoT) – that network of connected physical devices that is revolutionizing our daily lives – may be convenient, but it also presents massive cyber security risks. Many IoT devices simply aren’t made with the security features found on laptops, desktops, and some smart phones and tablets. They’re wide open to hackers, and that’s a big problem.
Today in the U.S., consumers use 6.4 billion connected devices1, or 25 connected devices per 100 residents, and that number is expected to more than triple to 20.8 billion by 2020. That means literal millions, if not billions, of connected devices are vulnerable to security breaches in the United States alone. Here’s what needs to happen to make those devices more secure – and the sooner, the better.
Manufacturers Need to Take IoT Security Seriously
When home PCs first began to get popular in the 1990s, many were built without real security features because security wasn’t an issue that PC and software manufacturers were really aware they should be concerned about. Most PC users didn’t get on the Internet at the time, and even among those who did, slow connection speeds meant that viruses moved relatively slowly. As connection speeds increased and Internet connectivity increased with it, PC and software manufacturers improved their security measures.
IoT device manufacturers don’t have the excuse of not being aware that security breaches could be a problem. But nevertheless, many IoT device manufacturers still build devices without standard security features. Some use older software that’s no longer being patched, or unpatchable device drivers written in binary code instead of real source code. Still others put off security testing until the production phase, when it’s too late to make changes.
Simply planning to implement patchable software, drivers, and security features during the design phase could go a long way towards making the IoT more secure. Even a change as simple as requiring users to change login credentials upon first use could put up a wall against the easiest and most widespread form of data breach, which occurs when hackers obtain the default user names and passwords assigned to new devices. Most users won’t change that default information if they don’t have to.
IoT Devices Need to Receive Regular Software Updates
There’s a reason why your PC automatically initiates regular updates. It’s because automating updates ensures that most systems will be updated regularly, and those regular updates are essential for system security. IoT devices, however, often don’t have regular software updates; many don’t receive software updates at all.
So, what’s the problem? Hackers develop new threats and discover new vulnerabilities all the time, and software updates help keep systems and devices abreast of those developments. The longer a device or system goes without updates, the more vulnerable it is to hackers. Manufacturers of IoT devices need to provide regular software updates, just like PC manufacturers do.
New Security Solutions Need to Be Implemented
Of course, new devices need new security solutions in order to protect against data breaches and other cyber attacks, like the one that recently left guests in an Austrian hotel locked out of their keycard-enabled rooms. Many new technologies are emerging that can help make the IoT more secure. Xage has recently developed a security solution for IoT that uses blockchain to create a secure connection between devices. Other solutions for endpoint security include:
- Machine-to-machine two-factor authentication that can provide the security of a second factor, without the need for a human to enter credentials;
- Biometric logins;
- Full encryption of data in transit between devices and at rest;
- Use AI, machine learning, and other big data techniques to analyze data related to IoT security breaches;
- Creating API security that allows for the authentication and authorization of the movement of data between devices, applications, and systems.
Companies hard at work on these include Cisco, Darktrace, Symantec, Entrust Datacard, and DigiCert. There’s no single security solution that will work for all IoT devices in all environments; a combination of solutions will need to be implemented to make the IoT, and its users, as safe from data breaches as possible.
If you’re worried about the security of your devices, you have every right to be concerned. Many IoT devices have serious security flaws. But, with some changes to the way these devices are developed and manufactured, combined with new security technologies being developed, IoT security can be vastly improved, and the threat of data breaches greatly diminished.