What Security Pros Predict for IoT Security in 2017

February 27, 2017 Katie Macdonald

For years IoT security has been a cause for concern, but 2017 may be the year that IoT attacks and lack of standardized security measures become a regular issue.

According to research firm Gartner, there were an estimated 6.4 billion IoT devices in 2016, and are forecasting over 20 billion IoT devices by 2020. Despite such impressive numbers, there has been a fundamental lack of basic
security throughout the IoT industry.

For the past few years, experts have been sounding warnings about IoT security vulnerabilities, and while there have already been a few instances of IoT hacks, the flood gates finally opened with the October 2016 DDoS attack on major global websites, including Twitter, Netflix, Reddit and the UK government’s sites. The attack was reportedly powered by the Mirai botnet made up of unsecure IoT devices.

So, what does all this mean for IoT in the upcoming year? Security pros across the board have weighed in on what to expect, and we’ve narrowed it down for you:

Potential of IoT Ransomware

IoT vulnerabilities and attacks are looking like they will increase, as well as the need for standardization in various security measures. From its report, Predictions 2017: Security and Skills Will Temper Growth of IoT, Forrester says that the October DDoS attack was just “the tip of the iceberg when it comes to using connected devices to do harm.”

Chad Bacher, Senior VP of Product Strategy & Technology Alliances at Webroot, goes a step further and predicts that we will see the first ransomware for IoT devices. While IoT devices don’t generally store sensitive data and often don’t have the interfaces to deliver ransom notes, Bacher says that ransomware will keep proliferating and become even more destructive. With new data, new technologies, and new ways to profit from those at hand, criminals will find ways to reveal personal information and digital assets unless victims pay up.

Paloalto also says IoT ransomware should be expected, as the vulnerabilities already present in IoT devices will eventually give way to damage on a larger scale, for instance, shutting down a production line.

Attacks on Large-Scale Infrastructures

When people think of IoT, they see mobile devices, smart appliances for the home, and perhaps even smart cars—they don’t see large infrastructure systems, like power grids, avionics, or even railway systems. According to an interview with Matt Dircks, CEO of secure access software company Bomgar, there will be a fairly significant chance we’ll see a “major hack on power grids or on transportation systems like rail in 2017.”

The main issue here is that the public is so focused on their personal smart devices, they forget about these widespread systems and the unsecure technology that power them. Organizations must attempt to stay ahead of the curve to prevent these huge infrastructure dangers that stem from the very security threats plaguing mobile devices now.

Increase in Artificial Intelligence

Beyond threats, IoT technology will continue to develop and reach new heights in 2017. According to this article by Forbes, IoT software will be distributed “across edge devices, gateways, and cloud services,” which means that artificial intelligence (AI), as well as machine-learning cloud services, will increasingly be used to communicate and collect the data coming from IoT devices.

This is huge for industries like retail, with 30% of annual losses attributed to the inability to detect non-scanned items at checkout. The combination of IoT and AI can address issues like this at even greater calibers through the diligent gathering and processing of data. Darian Shirazi, CEO, Radius, reinforces this notion, explaining that successful data quality can help drive change and improve businesses.

However, with these advances comes the threat of new attack surfaces and maneuvers in hacking, malware, and exploitation. For IoT and subsequent technologies to succeed, the security behind it must be up to par.

Previous Article
New CAA Requirement: What You Should Know
New CAA Requirement: What You Should Know

We expect the new CAA requirement to have a small impact on the security and complexity of the web, but we ...

Next Article
OpenSSL Patches “HIGH” Security Vulnerability in 1.1.0
OpenSSL Patches “HIGH” Security Vulnerability in 1.1.0

This vulnerability does not affect SSL/TLS certificates nor does it affect versions prior to OpenSSL 1.1.0.