Securing the IoT in a world at risk

Securing the IoT in a world at risk [Image: artisteer via iStock]

The World Economic Forum (WEF) has issued its Global Risks Report, a document it publishes every year.

This year, cyber security is a high-ranking risk, coming in at third, behind extreme weather events and natural disasters. According to the WEF survey respondents, cyber attacks and data theft are two of the risks most likely to happen.

The WEF explained that attacks against businesses have almost doubled in the last five years, and that incidents that would once have been considered extraordinary are becoming commonplace. The financial impact of cyber security breaches is also rising, with some of the largest costs in 2017 related to ransomware attacks, which accounted for 64 per cent of all malicious emails.

Notable examples, according to the report, included the WannaCry attack – which affected 300,000 computers across 150 countries – and NotPetya, which caused quarterly losses of $300 million (£212 million) for affected businesses.

Serious cyber attacks

The report also found that another growing trend is the use of cyber attacks to target critical infrastructure and strategic industrial sectors. This has raised fears that a worst-case scenario could see attackers trigger a breakdown in the systems that keep societies functioning.

Explaining how serious threats to the Internet of Things (IoT) are, the report’s authors said “cybercriminals have an exponentially increasing number of potential targets, because the use of cloud services continues to accelerate and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020”.

This highlights just how risky the situation is.

Action needed now

It is so risky, in fact, that a report – ‘Internet of Things: Pinning down the IoT’ – compiled by the Cyber Security Research Institute and F-Secure has found that industry experts believe that in its current form, the IoT represents a considerable threat to consumers due to inadequate regulations regarding security and privacy.

F-Secure said “swift action is recommended to avoid a predictable descent into a dystopian future”.

With the number of connected devices now expected to exceed the human population, the company said, the IoT is “already nearly inescapable”. It pointed to the fact that millions of connected devices have already been compromised to be used as part of the Mirai botnet.

Meanwhile, many consumers remain unaware of the inherent risks of their connected devices and that manufacturers often rush to get products to market without taking basic security requirements and settings into consideration.

The report states: “This situation could create an even more frightening scenario than the UK tabloid newspapers’ ‘phone hacking’ scandal, due to a massive adoption of insecure IoT devices.”

Mikko Hypponen, chief research officer of F-Secure, said: “Eventually almost every household device will be online, and they will largely be invisible to the end user as a smart device.

“They will look like dumb devices, but they will be smart devices, though they won’t offer any features to the consumer because the real reason for them to be online will be for them to report home and report analytics to the company that built the device.”

An IoT for the future

F-Secure explained that the laws of supply and demand have not yet resulted in an IoT built for the future. The company said that manufacturers will only prioritise security if consumers demand it.

However, because of the “extraordinary dependency” our society is likely to develop on the billions of connected devices that we currently use, governments could have to get involved to demand security requirements from manufacturers.

The report said that, in addition to educating consumers about the risks of existing IoT devices, governments must also address the quality of technology consumers are using in their homes.

It recommended that product manufacturers should be regulated to ensure products that come to market are not lacking in security or privacy measures.