Support Login
 

Mitigating IoT security risks through the use of deception technology

 

Mitigating IoT security risks through the use of deception technology

The internet of things is growing rapidly, and IoT-enabled devices are beginning to appear in all aspects of our lives. This not only impacts consumers, but also enterprises, as it is expected that over 50% of all organizations will have some form of IoT in operation in 2019. The number of IoT-connected devices has risen exponentially, and that growth shows no sign of slowing as Gartner forecasts that more than 20 billion internet-connected appliances and machines will be in use by 2020 — a number that, even now, has surpassed the world’s population. With more and more companies developing internet-enabled devices ranging from doorbells and security cameras to refrigerators and thermostats, it comes as little surprise that threat actors are discovering new vulnerabilities and developing new ways to exploit them.

oT presents an unconventional attack surface, opening additional access points where attackers can establish a foothold and exploit corporate networks — often undetected by traditional perimeter defenses. A recent Kaspersky Labs report confirmed that these weaknesses are being exploited with alarming regularity. In the first half of 2018 alone, researchers identified three times as many malware samples attacking IoT-enabled devices than in all of 2017 — and 10 times the 2016 total. Not only are attackers aware of these vulnerabilities, they are targeting them at an accelerating rate.

Recognition of this threat is growing, not just within the industry, but within law enforcement as well. This August, the FBI issued a public service announcement titled “Cyber Actors Use Internet of Things as Proxies for Anonymity and Pursuit of Malicious Cyber Activities.” The PSA warned both manufacturers and users of IoT-enabled devices of the vulnerabilities inherent to the network and common ways that attackers attempt to exploit them. While the PSA also made a number of suggestions regarding how to address these vulnerabilities, these recommendations are neither comprehensive nor enforceable.

States, too, have begun to take notice, and this year California became the first state in the U.S. to pass a bill regulating IoT security. The bill, SB-327, will require manufacturers to equip connected devices with a “reasonable security feature or features that are appropriate to the nature and function of the device” when it takes effect in January 2020. The bill also includes specific security measures, including a mandate that smart devices must come preprogrammed with a password “unique to each device manufactured”– a statute aimed at addressing one of the most well-known IoT vulnerabilities, and one famously exploited by malware such as the Mirai botnet.

Read More>>>

No Comments

Post A Comment

19 + six =