The global Internet of Things (IoT) market will likely reach trillions of dollars in the coming years.
According to Gartner, there are now 8,4 billion IoT devices implemented, and that number is expected to grow to 20,4 billion by 2020.
Indeed, Gartner is sometimes seen as one of the more conservative analyst firms when it comes to IoT market growth. IHS estimates 30 billion by 2020, and the semiconductor maker SoftBank predicts a trillion by 2035.
Whatever the numbers, most industries are already frantically adapting to the many challenges and opportunities ahead. Few, however, are as excitably pressurised as the telco community.
The big problem when grappling with IoT, particularly against a backdrop of 5G imminence, is that cybersecurity is often an afterthought. This is dangerous. According to the recent Hunt for IoT threat intelligence report from F5 Labs, IoT devices are now hackers’ top target.
When it comes to IoT, and specifically devices connected to mobile networks, there are numerous key threats to consider.
Beware the Things!
A Thingbot is something with an embedded system and an Internet connection that can be co-opted by a hacker to become part of a botnet of networked things.
The Hunt for IoT report notes that thirteen Thingbots were discovered in the first half of 2018 alone, and they are no longer single- or dual-purpose bots. Six were discovered in the entirety of 2017 and nine in 2016. 74% of Thingbots we know about were developed in the last two years.
F5 Labs also identified an attacker shift towards easily hireable multi-purpose attack bots deploying proxy servers.
Service providers tempted to deploy low-cost, poorly protected devices in any shape or form need to be wary.
Unfortunately, the threat surface is constantly widening due to manufacturers and service providers continuing to rely on weak default credentials. F5 Labs found that a staggering 88% of the credentials in the top 50 most attacked list from January 1st to June 30th last year had the same username as the password. This includes 'root:root', 'admin:admin,' and 'user:user'. It is a veritable open goal for hacker neophytes, and they only need access to a single networked device to spread widespread havoc.
Strong, frequently changed passwords might seem like quick fix but it isn’t always enough. The logistical knottiness of a huge volume of connected devices can quickly turn into an intractable operational headache. That’s why service providers must consider other, more robust authentication methods including SIM-based verification and device certificates.
Working on the edge
IoT devices are usually connected to a central network, which means sending information back and forth can be time-consuming. Edge computing aims to address this by moving data processing closer to the device (at the edge of the network).
While the technology has clear advantages, it can be tricky to adequately monitor and protect data distributed across such numerous and diverse sources. To make it work, service providers need to secure services end-to-end through network security controls such as firewalls, as well as application-layer security devices like Web-Application Firewalls (WAF). To make sense of the sheer sprawling volume of it all, it is also essential that security policy deployment is consistent and automated.
Revenue leakage
At times, organisations overlook the fact that a service itself is open to bottom-line hurting abuse.
Consider the connected vehicle, which is essentially an over-sized smartphone and, as such, requires a SIM card to ensure constant Internet connectivity. This means a user could potentially use the SIM card in other devices to, for example, access free browsing. Unchecked, this kind of revenue leakage can become a big issue due to the sheer volume of customers in play.
New network security controls are obviously required moving forward. It is critical to ensure that connected cars - or indeed any IoT device can only access the services and networks they are supposed to. These kinds of challenges are of course just the beginning.
Don’t get distracted
It is easy to get distracted by the latest tech and start straining to innovate for innovations sake. Service providers need to focus on quality, consistency and security of service. The IoT opportunities ahead are immense, but it could all come crashing down if (the) things are not architected with a security-first mindset. Consumers are increasingly savvy and will soon ditch anyone prone to vulnerability, inconsistency and sub-par performance.
Media Contact
Roger Field
Wallis PR
+971 50 273 9936
F5@wallispr.com
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
