Why is security needed for the IoT ecosystem?
IoT related data breaches caused due to an unsecured IoT device or application have almost doubled from 15% in 2017 to 26% in 2019. Combine that with the latest cost of a data breach pegged at $3.92 million, and the popularity of IoT adoption (40% of households in the Western world have at least one IoT device) and you get the recipe for the perfect cybersecurity storm. The IoT ecosystem can no longer afford to be a weak target—its security should be proactively and intelligently actualized.
The rapid pace of IoT innovation has spawned millions of connected devices that have not been built with security in mind either at the software or infrastructure level. Given the diverse landscape of IoT devices and environments, there is no unifying standard for device-to-device or device-to-cloud authentication. Moreover, an IoT network has a highly dynamic approach to the way it stores and processes information. Consider the IoT ecosystem of a smart car with hundreds of connected sensors and devices and tens of millions of lines of code rapidly relaying data and performing critical tasks based on the processed insights. The very capabilities that make smart ecosystems so smart are paradoxically also their vulnerabilities.
The Mirai botnet hack, arguably the most famous IoT security attack which brought down the internet highlights all the above IoT susceptibilities—weakly protected smart bots with even weaker network security and absent communication protocols were easily hacked to create a malevolent supercomputer.
Harnessing the very same innovative technologies that are advancing IoT ecosystems can be the answer to truly securing them. Artificial intelligence (AI) can power user behavior analytics to detect and contain malicious insider attacks in time. AI and machine learning running on multiple algorithms and blockchain technology can be used to rapidly inspect interconnected systems, and isolate threats. Blockchain, with its immutable record of events, can also provide an audit-worthy trail of a breach, thus massively improving IoT ecosystem security.
“Deep learning techniques applied to the data collected by IoT devices can identify anomalies and prevent potential hacks. Additionally, security decisions can be decentralized and validated by a consensus of multiple data points. These are two important techniques that can be leveraged to secure the diverse IoT landscape,” says Asaf Atzmon, Vice President and General Manager of Automotive Cybersecurity at HARMAN International.
HARMAN Spark used technologies such as these to become the first IoT cybersecurity certified device by the CTIA, the central body of the U.S. wireless communications industry. Similarly, advanced wireless capabilities of IoT ecosystems can be used to provide automated over-the-air (OTA) updates with the latest security patches that can combat vulnerabilities detected in real-time.
Finally, cutting-edge technology must be coupled with basic cybersecurity best practices such as data encryption, and regular audits of third-party tools and services. IoT technology is widely used by organizations across domains, hence the need to collaborate to reach a consensus on secure communication protocols, security standards for IoT devices, and compliance requirements—all to cultivate a safer world that is pervasively connected.