by Bharat Mistry
Tens of thousands of technology enthusiasts are descending on Las Vegas for the annual CES show next week, many of them keen to see the latest innovations in connected gadgets. The Internet of Things (IoT) will have a bigger presence than ever at the event: a reflection of its increasingly important role in the corporate and consumer world. But as Trend Micro outlined in its 2019 predictions report, the IoT also represents a major security threat, which could impact manufacturers, service providers and end-user organisations in a variety of ways.
As we start a new year, the only way to mitigate this risk is to work together across industry to improve security throughout the entire IoT ecosystem.
A connected world
IoT technologies will once again be all over CES, from the smart home to connected cars, smart city systems to 5G innovations. Many of the 4,500+ exhibitors at the show will be looking to wow the 180,000+ attendees with the latest kit, with smart speakers and displays set to make a major impact this year, according to reports.
However, security remains a major challenge for the industry. Manufacturers and developers often prioritise time-to-market and usability, which can leave systemic vulnerabilities in products, while consumer and business customers may unwittingly compound cyber risk through configuration and authentication failings. It’s also true that parts of the IoT ecosystem, like some M2M protocols, are inherently insecure.
Here are just a few IoT threats to be aware of this year:
Smart home devices will see an influx of attacks through the home router, aimed at conscripting them into botnets. These Mirai-like worm threats could work as simply as searching the internet for publicly available endpoints protected only by factory default credentials. The resulting botnets could cause major damage to businesses in the form of DDoS attacks, click fraud, crypto-mining, and much more.
Home/remote workers could unwittingly pose a major security threat to their employers’ IT systems and data if their smart home devices are left unprotected. Vulnerable smart speakers and other gadgets could be hacked to provide attackers with a stepping stone into corporate networks.
Corporate providers of smart devices, such as healthcare organisations, will need to put cybersecurity front of mind when offering IoT technologies to customers. Trend Micro predicts the first real-world victims of a smart health device attack in 2019, for example.
M2M protocols like MQTT and CoAP present a direct threat to organisations, potentially exposing them to industrial espionage, targeted attacks and DoS via the IoT communications backbone. A recent Trend Micro report explains that service providers, system integrators, and IT teams need to minimise their M2M exposure, enhance scanning and improve vulnerability management.
Part of the challenge with IoT security is that the attack surface is extremely wide, covering mobile applications, back-end cloud platforms, endpoint devices, networks and more. There’s certainly no one-size-fits-all solution to these threats: that’s why Trend Micro is collaborating with telcos, IoT device makers, technology multi-nationals and other stakeholders to secure our connected world.
We offer Deep Security to help protect the hybrid cloud datacentre; TippingPoint appliances and Deep Discovery breach detection for network-layer security; a Virtual Network Function Suite (VNFS) for carrier NFV environments; and a Safe Lock tool which uses lockdown security software to protect critical IIoT systems. Trend Micro is even working with manufacturers to make available Zero Day Initiative vulnerability research, ensuring more products come off the production line as secure as possible.
This is just the beginning. As IoT finds its way into every aspect of our lives, we must work across industry, and with governments and regulators if necessary, to improve baseline security. The new European NIS Directive will hopefully help to drive improvements in this area, as could forthcoming updates to the ePrivacy Regulation (ePR), which are likely to mandate specific safeguards for M2M communications in particular sectors.
As we head into 2019, Trend Micro is leading from the front, but it’s down to all stakeholders to play their part in securing our connected world.