As 5G networks become increasingly common, we can all expect something more than just faster browsing and lower latency on our mobile devices. That’s because the fifth generation of broadband cellular networks will lay the foundation for the Internet of Things (IoT) to ramp up its shot at world domination.
In fact, you could argue that the 2020s will be the decade of the IoT, as the number of connected IoT devices is expected to almost triple during this period (from 8.74 billion in 2020 to more than 25.4 billion IoT devices in 2030). That’s an impressive number of devices that will live all around us, powering everything from our appliances to the cities we live in, ushering in the age of smart urbanization.
Unfortunately, not everything is bright in this forecast. As comfortable and powerful as IoT devices might be, they also bring a looming threat. Billions of interconnected devices mean that there’s a bigger attack surface for malicious actors to target. And given that cybersecurity has become the biggest priority for businesses everywhere, the question emerges naturally – what can we do to secure that vast device network?
The protection challenge
To truly understand the dangers that come with the IoT, we have to go beyond the number of available devices and into their nature. Most IoT devices are relatively simple in that they don’t have much processing power or storage capacity. Given that they are constantly connected to the internet, they don’t need it, as most of the data is processed and stored on central servers.
Edge computing (often referred to as a huge advantage for this kind of network) increases the appeal of IoT devices. Through that paradigm, devices can gather and process data on-site, without sending it to central servers. The idea is to reduce bandwidth consumption while increasing responsiveness. However, using edge computing means that every IoT device that uses it will hold sensitive data, which makes it a more enticing target for attackers.
What’s more, there are so many threats that could affect IoT devices that the risk is extremely high. There are numerous examples of ransomware attacks targeting IoT devices, but they are far from the only type of attack these devices could suffer. There’s also denial of service, passive wiretapping, SQL injection, and zero-day exploits, just to name a few.
Such a long list of threats is even more worrying when you start to think about their potential targets. Industrial facilities are increasingly using IoT devices for manufacturing and warehousing. The energy sector is also investing in the IoT. Even entire cities are using IoT devices for traffic control and other ends. The consequences of a disruption in the activities of those networks go well beyond an annoyance – they could be extremely dangerous.
With such a scenario, it’s only logical that researchers, tech enthusiasts, nearshore software development companies, and even political actors are calling for stronger protections for a technology that’s set to become the core of our everyday lives.
What can we do
The most important thing we can do right now is to understand the dangers and recognize the need for action. The positive side is that there are several actors already taking steps to develop stronger protections for the IoT (including Congress and its Cybersecurity Improvement Act). The downside is that we need far more than that – we need a coordinated approach to dealing with IoT security, something that today rests mostly on the manufacturers of the devices themselves.
Beyond awareness and potential regulation, we need a strategic approach to securing such a vast network. In that light, a risk management approach feels like a good alternative, as it can provide visibility into everything that’s connected to the network while providing protocols and solutions to mitigate risk and remediate incidents.
Unfortunately, we won’t be able to centralize such an effort, as different IoT networks will call for different solutions. But widespread use of risk management techniques can provide different actors with a roadmap of sorts that could help to homogenize approaches and share protocols and solutions that actually work.
Some of the things experts are pointing out that could make up such a common knowledge base on IoT security include comprehensive and real-time assessments of all devices on the network with the help of AI, compartmentalization of IoT devices to increase control, use of biometrics for access, implementation of multi-layered security applications, leveraging cloud SaaS platforms for increased processing power, and shared threat intelligence among different organizations.
A fundamental issue
Finally, there’s another point that’s important for me to mention. As David Russo, one of my BairesDev colleagues, smartly pointed out in his article “We need to fix the Internet of Things,” the IoT is fundamentally flawed. That flaw? In David’s own words, it’s that many IoT manufacturers “aren’t entirely committed to making the best products, just making them usable with the customers acting as beta testers.”
Developing an IoT device implies considering a lot of aspects: designing and manufacturing the hardware, developing the software, securing the cloud backend, devising an update schedule, and many other things. Sadly, IoT companies aren’t contemplating all of those aspects and are taking a reactive stance, fixing issues as users report them. Until there is a more comprehensive approach to developing these products and that stance becomes more proactive, the threat level for the IoT will remain high.
I think it’s important to say that, even with all of these potential solutions and protocols, it’s impossible to create a failsafe IoT network. As happens with everything in the world of technology, there will always be vulnerabilities and malicious actors that figure out how to exploit them. That shouldn’t deter us from our main mission as part of the tech community: we should aim for the most sophisticated security system possible for the IoT. Living always comes with risk, and the IoT isn’t an exception. Thus, we should aim for an acceptable level before we keep investing in the IoT.