The Internet of Things (IoT) is a growing network of physical devices, vehicles, and appliances that are always connected to the Internet. These devices exploit connectivity in order to function, offer numerous services, and perform cutting-edge tasks.
These devices have the potential to greatly benefit companies by providing valuable information for decision-making and strategic planning purposes. They can also serve as helpful tools for everyday citizens, streamlining tasks and improving overall quality of life.
The main IoT devices include:
Smart Home Speakers: smart devices with in-built virtual voice assistance technology that users can use to communicate and perform tasks.
Smart Cars: vehicles that receive and transmit information in real time, connect to other vehicles, and adapt their behaviour to their surroundings. Their purpose is to simplify driving, reduce fuel consumption, and prevent accidents by improving road safety.
Smart TVs: TVs that allow users to connect to apps, streaming platforms, and other devices via the Internet.
Smart Watches: watches that are connected to smartphones. These devices enable a variety of traditional activities, including reading and sending messages, making and receiving calls, checking weather forecasts, listening to music, monitoring physical activities, and tracking sleep patterns and heart rates.
Smart Factory: a key Industry 4.0 concept, smart factories enable the monitoring of production, work safety, maintenance, quality control, material handling, and waste management, among other things.
According to research carried out by IoT Analytics, the number of IoT connections increased by 8% between 2020 and 2021, reaching 12.2 billion active endpoints. It is estimated that there will be an 18% growth to a total of 14.4 billion connections in the near future. Added to this is the estimate that by 2025 there will be 27 billion IoT connections, roughly four IoT devices for every person on the planet.
Despite the numerous opportunities that the Internet of Things provides, like any emerging technology, it poses several challenges. One significant challenge is that network-connected IoT devices communicate with each other by exchanging sensitive and unprotected data, making them particularly vulnerable to security breaches.
These types of ecosystems are prone to becoming targets for cyber attacks, primarily because they are challenging to manage and because malicious attackers find the data they hold incredibly attractive.
In addition, the introduction of IoT devices into households can create new entry points into potentially low-security environments. When working remotely, employees are more exposed to malware and attacks, which can use personal devices to access the company network.
Despite the dangers posed by security threats, the cyber security of the Internet of Things is neglected and little explored. The unforeseeable chain reaction of vulnerabilities and inadequate security measures in the context of the Internet of Things has a significant impact on the overall security of the Internet. Ensuring that IoT devices are secure is the shared responsibility of stakeholders: manufacturers, companies, and users.
- Manufacturers must prioritise security, starting from the design phase, and follow up with penetration testing to identify and eliminate any potential vulnerabilities in the system or device before it goes into production.
- Companies should have a system in place to accept vulnerability reports from external entities on their products.
- Users need to gain a better understanding of the security risks involved in connecting these devices and their role in protecting them. Changing default passwords, updating firmware, and choosing secure settings, among other things, can mitigate risks.
Some companies may overlook the importance of securing all IoT devices and only focus on endpoint security, which can pose a risk for the entire company if other devices are left vulnerable to cyber attacks due to inadequate protection measures.
According to Statista, one-third of companies that use IoT devices believe that cyber security issues are linked to a lack of employee expertise.
In fact, a lack of specific skills and expertise results in IT security malpractices, such as using weak and generic log-in details or neglecting software updates and bug management.
Some of the main threats include on-path attacks, which involve intercepting the communication between two devices and stealing data during transmission, decrypting credentials, and denial of service (DoS) attacks, which entail taking control of an IoT device and injecting falsified traffic data to overload the server and prevent administrators from accessing it.
The existence of various potential attacks highlights the importance of including IoT security in a comprehensive cybersecurity strategy. Such a strategy should provide protection against all forms of cyberattacks on various types of devices to be considered comprehensive. Therefore, it is important to follow good practices that enable users to benefit from IoT devices while ensuring their proper protection, being vigilant, and giving priority to their security.