IoT attacks ‘could cost up to £1bn a year’

IoT attacks 'could cost up to £1bn a year'

The financial impact of cyber attacks that target Internet of Things (IoT) devices in the UK could reach as high as £1 billion a year as the technology becomes more commonplace, new research has found.

A study by Dutch software firm Irdeto revealed this type of attack is becoming much more popular among criminals who are looking to take advantage of the fact that security measures for these devices are often still poor. 

Vice-president at Irdeto Steeve Huin said: "Insecure IoT devices and companion apps are essentially low-hanging fruit for cyber criminals, who are increasingly finding new, creative ways to turn our technological dependence into their own nefarious gain."

Indeed, the study found that in 2018, the average cost a business as the result of IoT-based attacks was £244,000, while injecting malware into the network was the most common way of exploiting these devices.

More than half of businesses questioned reported experiencing a service outage as a direct result of an IoT-related attack, suggesting breaches are becoming more dangerous in addition to being more widespread.

As more and more IoT products are introduced into critical industries, including healthcare, transport and manufacturing, the potential for hackers to take advantage of poorly-defended gadgets is only set to grow.

"If not addressed, a lack of IoT security could pose a serious financial threat to the wider UK economy," Mr Huin said. "With so many devices entering the market and being deployed in critical businesses, the need for improved security measures is without question."

The potential risks posed by unsecured IoT solutions was also highlighted in a separate report from network security firm Zscaler, which found as much as 90 per cent of data traffic on IoT devices is unencrypted.

This could leave firms exposed to man-in-the-middle attacks, where hackers are able to insert themselves into a network and intercept traffic, to either steal or manipulate the data.