Cyber Wars – Why IoT Device Hacks Are Rocketing
Here’s a cybersecurity lesson from a 479-year-old Shogun:
‘At the moment of victory, tighten the straps of your helmet’.
Tokugawa Ieyasu’s savvy advice stresses that to maintain success during troubled times, you should be perpetually vigilant and expect the unexpected. And that’s exactly the same type of discipline today’s IoT brands need to protect their devices against wave after wave of cybersecurity attacks.
According to a recent Nokia Threat Intelligence Report on all device types, the share of infections in IoT devices has risen by 100% since 2019 from 16.17% to 32.72%. These stats aren’t based on a small sample – the report draws data from network traffic on 150 million devices globally.
The perfect storm has been created by a combination of ubiquitous IoT devices with inherent security vulnerabilities, accelerating connectivity via tech like 5G, and ruthless hackers.
But your IoT brand can weather it with the right tools and guidance.
In this blog we’ll look at the current picture with IoT device hacks, break down key vulnerabilities and explain how to build proactive cybersecurity into your brand identity – so your device is perpetually protected, and your customers feel comfortable and confident.
Ready to say ‘sayonara’ to cyber attack worries? Let’s get moving.
According to our friends at Statista, the number of IoT devices will rise from 13.8 billion units in 2021 to 30.9 billion in 2025.
This is good news for IoT brands, but just as warmly welcomed by hackers who comb every crevice and corner for security vulnerabilities to exploit.
Still not convinced of the dangers? You will be after these sobering facts:
- Nokia’s analysis emphasizes ‘a shifting interest of malicious actors towards IoT devices’ and warns that as IoT devices continue to become more widespread, the number of IoT infections will ‘grow dramatically.’
- The average household is affected by 104 cyber threats each month, according to TechRadar. And streaming video devices and cameras are among the most vulnerable devices.
- A recent survey conducted by Wakefield Research revealed that most consumers aren’t aware that all connected devices have security risks and that cybercriminals can hack into devices without screens more easily than those with screens. 83% of consumers surveyed said they’re not confident that they could tell whether a non-screen device like a CCTV camera or wireless printer had been hacked.
Covid-19 has compounded the threat
Rather than taking a break during the current health pandemic, cybercriminals have been leveraging it as an opportunity to steal personal data through malware. One high-profile hack even mimicked the Johns Hopkins University Covid-19 Map (designed to keep concerned citizens informed on pandemic transmission, infection, and death rates), by luring users to the mimicked app and contaminating their devices with malware.
Risks are set to multiply as we move into the ‘new normal’:
- Thanks to remote working driving a proliferation of edge computing cloud deployments and a huge expansion of the attack surface from workers using mobile devices.
- New legislation like the IoT Cybersecurity Improvement Act (2020) raises the minimum security requirements bar for IoT device manufacturers, but it’s not a cure-all as not every manufacturer will comply and any individual weakness can compromise the entire ecosystem.
Why are IoT devices so vulnerable?
There are several reasons that IoT devices are vulnerable and (as you might have guessed) these stem from a combination of emerging contemporary threats, device design, and manufacturing legacy issues.
They’re relatively easy to hack
The industry standard for protecting IoT devices is well below that for protecting computers and other endpoints. The computer security market is highly developed to the extent that you seldom find an enterprise PC without an EDR solution installed. Any connected device must have a real-time mechanism that is able to detect and mitigate the new attacks that will inevitably arise.
Faults in the Firmware
To keep a product within budget it will often be built with open-source operating systems and external software that are free, but also often riddled with malicious bugs. It’s also not uncommon for software used within the supply chain to no longer be supported by the manufacturer. This leaves customers who are running old devices that are obsolete with a significant security flaw.
All too Attractive to Hackers
The pay day offered by hacking IoT devices is a huge incentive in itself as they offer much greater scope for potential damage, whether that be in terms of privacy, safety or availability. Whether the IoT device is a monitor, a fridge or a watch, it’s always used to send or receive data. With so much data being transmitted, protecting user privacy is a critical factor that is threatened in an attack. The heightened interaction between the physical world and the virtual world escalates the safety risk. Should a connected medical device be tampered with, the consequence could endanger human life. In regards to availability, the continued adoption of IoT naturally deepens our dependence on it. Should a device be made unavailable in an attack, by default an entire operations system can be brought down with it, bringing productivity to a standstill.
Product leaders should prioritize threat intelligence to ready themselves now.
SBD is flawed
Security by Design (SBD) has long been the baseline standard for many IoT brands – this approach means that security and privacy are considered at every stage and in every feature and function of a device.
But the problem is that the cyberthreat world moves so fast that by the time an SBD device is signed off for manufacture, it’s already vulnerable. Hackers could have found a new exploit that its developers could not have anticipated. Another inherent flaw is that it shifts the responsibility for maintaining good habits like robust passwords onto the customer – which isn’t any great assurance.
It’s not all doom and gloom by any means though, because there’s a solution that’s simple, smart, and futureproof.
Proactive Cybersecurity is the answer
Proactive cybersecurity is a drum worth banging.
Because it’s the only approach that’s robust enough to perpetually protect your IoT device against the type of unremitting attacks we’ve been talking about and help your brand win the cyber war.
A proactive cyber solution (ahem, like Firedome) offers a different dimension of device protection:
- It’s a lightweight software agent that can be installed during manufacture or as a firmware update.
- There’s full-stack security at host and network levels, including real-time malware detection, prevention, and response.
- 24/7 protection device is kept secure around the clock by an AI-based, automated security agent. Any detected events are then mitigated and neutralized by a 24/7 Security Operations Center.
Evolving threats require an evolving cyber solution as a baseline which can detect new variants of malware, but this is enhanced by expert protection that provides constant surveillance, monitoring, and analysis.
Cyber as a Feature
Another advantage of adopting proactive cybersecurity for your IoT device is that it unlocks the potent marketing power of Cyber as a Feature (CaaF).
By positioning yourself at the vanguard of IoT cybersecurity at a time when it’s facing its greatest challenges, you’re making a bold statement of efficacy for your brand – while capitalizing on the opportunity to capture cynical customers that other brands ignore.
CaaF could be the brand message that helps you differentiate from the competition and steers you towards sustained success – so it’s seriously worth sitting up and taking notice.
We’ve covered a lot of ground in this blog – here’s a reminder of the key takeaways:
- Device hacks are rising exponentially, and cybercriminals are taking a special interest in IoT devices.
- Threats are compounded by the Covid-19 environment.
- IoT devices are particularly vulnerable because they’re relatively easy to hack and yet more attractive for the damage that can be caused.
- Proactive cybersecurity mitigates against emerging risks and CaaF can be a powerful brand differentiator.
IoT attacks are on the rise but there’s a tech-savvy and customer-friendly way to protect your brand: proactive cybersecurity.
Let’s talk today about making your IoT device fit for the future