Trends in Cybersecurity: IoT – Unsecured Hacker Targets

The issue of cybersecurity has become more prevalent in recent years. Hackers are finding new ways to adapt to the ever-changing technology market, and with every step forward in the innovation of technology, cybercrime takes a leap. What were the predicted trends for 2017, and have they come into fruition during the first few months of the year?

This article is part of a four-part piece which will be posted in subsequent weeks.

Part one – Trends in Cybersecurity: Popularity of Ransomware

Part two – Trends in Cybersecurity: IoT – Unsecured Hacker Targets

Part three – Trends in Cybersecurity: Threat from mobile devices

Part four – Trends in Cybersecurity: Security Skills Shortage

Trends in Cybersecurity: IoT – Unsecured Hacker Targets

On a daily basis, billions of new Internet of Things devices are connected to corporate networks around the world. Many of these remain unsecure and open to exploitation by hackers. As connected devices within organisations continue to grow and develop, so too does the risk of these networks being exposed. It only takes one weak link in a chain of connected devices to compromise an entire network.

Due to the competition within the IoT marketplace driving prices down to make products more affordable, device security has taken a back seat. Many IoT items are passed onto consumers with generic usernames and passwords that are not subsequently changed by the end user, meaning they are easy to infiltrate. Gartner predicted that worldwide spending on IoT security would reach $434 million during 2017, but that this would still not be enough to cope with the scale of the problem. They further predicted that by 2020, in excess of 25% of all identified attacks in enterprise will involve the Internet of Things.

Hacks in the form of DDoS and Ransomware (covered in our previous blog post here ) are the most popular. Cybercriminals were predicted to target a range of internet-connected endpoints, such as surveillance cameras and Wi-Fi speakers, and employ them for DDoS attacks – impacting on organisations as well as individuals. In line with this, vendors were expected to work in new security precautions into their devices to protect them. As a result, though the volume of attacks is likely to continue to increase throughout the year, the damage they do will reduce as steps are taken to minimise device vulnerability.

At the RSA Conference 2017, the threat posed by IoT was discussed in detail. Charles Henderson (Global Head of X-Force Red, IBM Corporation) discussed how he is able to remotely control a car he has not owned for some time, as well as key talks from James Lyne (Global Head of Security Research, Sophos and SANS) and Robert Graham (Errata Security) around the security issues that are affecting IoT in 2017.

At the Mobile World Congress 2017, Avast revealed that in their most recent experiment they had determined that 5.3 million devices in Spain; including smart kettles, coffee machines, garage doors, fridges, thermostats and many more were vulnerable to attack. They warned attendees about the ramifications of an IoT device takeover within the home. This would allow the hacker to gain access to smart household items and instruct them to do things; for example; instructing a kettle to begin to heat water. In addition, smart devices have the capability to store behaviour information, as well as financial information of the end-user – posing a further security risk should these devices be compromised.

The popularity of IoT devices shows no sign of slowing down, and as a result it is vitally important that any preventative security procedures that can be done, are carried out. It will be interesting to see the role the Internet of Things plays in any cybercriminal activity during the remaining months of 2017.