IoT Security—Will History Repeat Itself?

IoT Security—Will History Repeat Itself?

The Internet of Things (IoT) refers to a network of endpoint products and objects that can be accessed through the internet. At a high level, the goal of this network is to make our everyday experiences simpler and more efficient. This evolution is a logical step forward in an increasingly connected world that favors optimized performance.

However, as we move into a more interconnected era, a critical new question emerges: given the difficulty of implementing cybersecurity practices in both our professional and personal lives—and the mixed success we have had in doing so—are we truly ready to secure IoT devices and products?

Our cybersecurity landscape is filled with cybercriminals and cyber spies, while widely known vulnerabilities are constantly exposed and publicized. These threat actors have proven to be well resourced, innovative, and persistent in exploiting both known and unknown weaknesses. A 2014 HP report showed that 70% of IoT devices were vulnerable to hacking, giving malicious actors even more opportunities to gain unauthorized access in pursuit of their goals.

Security experts have repeatedly discussed the challenges IoT poses. In 2015, there were 4.9 billion connected products in use, up 30% from 2014, and that number was expected to reach 25 billion by 2020. The growth of these devices makes our networks more complex and, in turn, increases the scale of potential damage. Despite these looming cybersecurity concerns, we continue to embrace IoT technology without adequate security planning.

The IoT era brings more security questions than answers. Some of the more urgent issues include, but are not limited to:

Privacy concerns: One lesson we learned from smartphone technology is that it often collects information about users without their knowledge or explicit consent. According to one source, sensor technology in smart devices can collect 30% of the world’s data. Similarly, IoT devices will do the same and may potentially be used to build detailed consumer profiles. Who will have access to this data, where it will be stored, and how it will be protected are all questions that still need answers.

Expanded surveillance: As IoT devices become integrated into every aspect of our lives and begin “talking” to one another, there will be more opportunities for unnecessary monitoring. There have already been documented cases in which intruders compromised internet-accessible household devices. In April 2015, a baby monitor was hacked, allowing the attacker to control its camera and speaker functions. Any device with visual or audio capabilities may be vulnerable to takeover if compromised.

Protecting the network: Whether at home or in enterprise environments, every IoT device connected to a network must be properly monitored and patched. Even lapses in basic cyber hygiene can significantly increase risk. Given that many vulnerabilities result from poor patch management, this is a major concern. Once IoT devices are integrated into personal or business networks, they become potential entry points for malicious actors. Attackers no longer need to focus solely on targeting individuals through their computers, laptops, or mobile phones—IoT gives them the chance to compromise seemingly harmless devices and potentially gain the same level of access.

This is the dual nature of IoT: the same technology designed to touch every aspect of our lives can, if exploited, pose a serious threat to the security of our information. If unauthorized access is already a major security issue, that threat will grow substantially as more and more devices are inevitably added to the network.

It is often said that today’s internet was built and developed for performance and usability, not with security in mind. Our cybersecurity reality certainly reflects that argument. A 2014 report estimated that the global economic losses caused by cybercrime and cyber espionage reached $445 billion—a sobering figure that suggests we are not adequately prepared to handle the threats we face.

Before we fully embrace IoT, it would be wise to pause and consider how to build these devices on a foundation of security so that we are prepared for future threats. Technology is clearly moving in the direction of IoT, with the goal of transforming our lives through efficient, interconnected communication and data exchange. Failing to prepare the necessary security measures before fully adopting these devices will lead us to make the same mistakes all over again.

Intelligence can be built into devices, but common sense cannot. There is a reason people say that those who fail to learn from history are doomed to repeat it.