iconimage - Fotolia
The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices.
The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices.
But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said.
IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases.
“Connected and hackable devices and networks can be found in almost every IoT system,” said Wieland Alge, general director at Barracuda Networks, EMEA. “It is important to remember that hackers are not interested in a single IoT device. They want to obtain access to other devices and data in an organisation’s network.”
Alge said the biggest challenge is to secure data transmission and all layers of IoT infrastructure – not just consumer or single corporate devices, but servers too.
But more attention is often given to launching new IoT systems rather than creating robust safeguards, which is worrying given the security risks, he said.
Jump in breaches
According to global security consultants at PwC, there was a 152% jump in breaches originating from cloud connected devices in 2015 compared with a year earlier. This dramatic increase is driven by the hacking of devices such as smart lighting systems and other embedded sensors in the corporate environment.
Research from IDC suggests that the number of IoT devices will grow from 13 billion to 30 billion over the next five years.
This will create more opportunities for criminals to profit from cyber attacks. Europol’s Cyber Crime Centre has said hacks are more profitable to criminals than Europe’s illicit drug trade. And the black market in which hackers operate is highly organised and sophisticated.
“The IoT is a good opportunity for cyber criminals to make more money,” said Adrian Liviu Arsene, senior e-threat analyst at Bitdefender Romania. “Our investigations show that the data stolen from IoT systems is offered on a network of illegal trading sites, where hackers buy and sell large amounts of data for profit.”
Read more about IoT security
- Cyber crime defences are lagging behind IoT development, which could be disastrous for producers and consumers alike, warns Telefónica report.
- This guide to IoT security gathers together essential reading to get infosec pros up to speed on the emerging information security threats and the best means for thwarting them.
- There are five key information security risks associated with the internet of things that businesses can and should address.
Part of the problem is that safety is not a priority for organisations that want to use IoT technologies, said Zoltán Györkő, chief executive of Balabit Hungary. “First and foremost, businesses expect new hardware or applications to be faster, have a bigger screen, handle processes better and reveal insights,” he said. “Safety is not a priority in practice.
“Security is difficult to measure, so businesses are often not interested in taking care of it.”
Jan Madey, professor at the University of Warsaw, said: “Protocol SSL (Secure Socket Layer) for transmission of sensitive data on the internet was created by Netscape in the early 1990s. Older versions of SSL are still used, even in IoT systems, despite the fact that new holes are found in it almost every day.
“This means it is very difficult to change accepted and long-used standards because it requires software changes on the user side.”
Madey added: “IoT might gain widespread adoption, but it will bring lots of issues with securing data in IoT systems. It will be both a blessing and a curse.”
Safety issues secondary
IT specialsts in central and eastern Europe held discussions about the future of IoT at the turn of the year, and focused mainly on the technology’s great development prospects. Safety issues were clearly secondary threads in the debate.
“I expect 2016 to be acclaimed as the year of IoT,” said Srdjan Krco, CEO and co-founder of Serbian company DunavNET. “We will see an increase in IoT equipment production, lots of new ready-to-use [plug and play] devices, optimised for use in certain vertical markets, but built using horizontal platforms and components.
“This equipment will be widely available in different marketplaces, providing seamless end-user experience during deployment and usage, hiding away all the complications.”
Milan Vašina, CEO of Slovak Telekom, added: “IoT is likely to make the biggest impact on business, specifically enterprise mobility, in 2016. People who are not desk-bound and use mobile technology will make companies more productive and, ultimately, more profitable.”
But hacker intrusions into IoT networks, if they are significant and publicised, could discourage further innovation in the IoT space and inhibit the technology’s expected growth.
“IoT requires a change in approach to management of hosts and user authentication,” said Klaudyna Busza, senior presales engineer at Flowmon Networks. “A large number of devices connected to the network can be a target for attacks on things rather than people. For this reason, in coming years we will see a rapid increase in market demand for systems to monitor and analyse network traffic behaviour.”