By Axel Hauer, the Director of EMEA Enterprise Sales, IAMS at HID Global
For over a decade, the concept of IoT has been attracting buzz from tech enthusiasts, business leaders, and consumers alike. While internet-connected devices have been around for much longer (like the famous internet-enabled Carnegie Mellon Coke machine of the early 80s), the idea of an internet ecosystem with a substantial component of Wi-Fi-enabled smart devices has really taken off in the 21st century, with no signs of slowing down.
While a certain chatty home speaker assistant is probably the most visible example of a connected device for consumers, the proliferation of IoT devices in business, industrial, and medical settings has put their versatility on display: from automated inventory management, to industrial HVAC, to facilities management devices like cameras, thermostats, access lights, and smoke detectors, to Wi-Fi-enabled pacemakers and blood sugar monitors, and more. And these objects are capturing—and creating—unprecedented amounts of data.
In the enterprise, connected devices provide more than just convenience or novelty. They create immense cost-savings opportunities, generate valuable analytics to aid in planning and auditing, and accelerate workflows. Iconic American manufacturer Harley-Davidson was able to leverage IoT technology and shrink its 21-day production schedule for new orders into a six-hour span, saving $200 million in operating costs along the way.
Ironically, the enormous upside to a robust IoT ecosystem is part of the problem when it comes to security. Filled with enthusiasm at the prospect of saving money on electricity, speeding up production, or reducing waste, many organizations have thrown themselves headfirst into the ocean of IoT possibilities—without checking for sharks. In the case of one North American casino, a fish tank’s internet-enabled thermometer was the point of entry for a devastating hack.
Accessing the casino’s network through the thermometer, hackers were able to lift 10 gigabytes of info, including sensitive data on high-roller clients, by pumping it out through streaming audio/video protocols. The vulnerability was eventually corrected, but the damage had already been done.
One of the highest-profile attacks that exploited IoT devices was the Mirai botnet attack of 2016. Mirai scanned the internet for open ports and spammed common username and password combos to gain access to vulnerable routers and internet-enabled cameras. These devices were then used to launch DDoS attacks against French hosting firm OVH and American DNS infrastructure provider Dyn Inc.
The attack on Dyn caused outages of major sites and web services, prompting speculation about the involvement of a hostile foreign nation. The real culprits were gamers looking to disrupt rival servers, not super-spies, but these clever hackers had already released Mirai’s code for use by other black hats.
The financial threat presented by a poorly managed IoT ecosystem is obvious in this age of costly data breaches, but the consequences can be much more dire. For example, a 2017 report exposed serious security flaws in internet-enabled pacemakers that would leave them vulnerable to malware attacks. A similar flaw was uncovered in an insulin pump. When internet-enabled products are the difference between life and death, security is even more crucial.
Thus, delivering secure IoT device registration and provisioning through an innovative policy-driven credential delivery and management system becomes crucial. This ensures certificates can be easily rotated, renewed and managed without human intervention. Yes, the threats are serious, but the potential benefits to incorporating more connected devices are substantial, too. That’s why it’s important to approach a mixed-endpoint network with eyes wide open, keeping devices properly patched and updated and taking steps to increase visibility. With the right strategy (and help from experts) your IoT ecosystem can thrive.