Cyber Security Threats
 in the age of IoT

Infocomm leaders face two hugely conflicting pressures today. Told that they have to digitise, they rush to harness the data from sensors for analysis. Warned of the dangers of cyber attacks, they try to tighten up defences and cut off connections.

Too often, these two impulses are at odds. Fail to build security into the design of one’s infrastructure and apps, and the loopholes are easily exploited by hackers at great monetary and reputational cost. Clamp up too much and employees cannot do their work. 

The recent cyber attack on SingHealth in Singapore has reinforced the idea that it is a matter of when – not if – one’s cyber defences are breached. And the situation is going to get tougher, not easier, with the proliferation of Internet of Things (IoT).

There will be 20 billion to 30 billion such connected devices by 2020, up from 10 billion to 15 billion in 2015, according to consultancy firm McKinsey. Yet, enterprises are not ready for the security risks they bring, it found out in 2017¹.

While 75 per cent of experts in the field say IoT security is important, only 16 per cent believe that their company is well prepared for the challenge that it brings, McKinsey revealed in a study of 400 managers from Germany, Japan, Britain and the United States.

Unfortunately, in the rush to roll out IoT devices, security has been relegated to the backseat until recently. As a result, companies hit by cyber attacks risk losing customers’ private data in the process. They could also be used to attack other sites, in a distributed denial of service (DDoS) attack.

To see how vulnerable IoT is today, we only have to look at the digital door lock. Early versions often do not come with firmware updates that help protect against vulnerabilities that are discovered years later. This means thousands of doors are potentially susceptible to attacks.

Today, some models enable users to update the firmware like how they would update a PC regularly to patch up vulnerabilities. These cost more and are slowly gaining traction, but many other IoT devices have been slow to offer such updates. Plus, many are already deployed in the field, without adequate protection.

The ramifications are only beginning to show. In 2016, the Mirai botnet² made up of compromised IoT devices like Internet cameras took down key Internet services worldwide in one of the largest distributed denial of service (DDoS) attacks so far.

Companies deploying IoT sometimes even have to contend with potentially deadly consequences if the devices are not secure by design. In August 2017, the United States authorities recalled 465,000 pacemakers after discovering security flaws. Potentially, a hacker could make the batteries run down or even modify a user’s heartbeat, reported The Hacker News site³.

And as users become more aware of data protection, along with laws now forcing organisations to guard data more stringently, the most important issue when it comes to deploying IoT is one of trust.

Trust is needed if consumers are to trust their data being collected by wearables and analysed online. Trust is needed by plant managers whose sensors guide them on important manufacturing decisions.

For a successful IoT rollout, an enterprise has to overcome the roadblocks that the technology currently faces. It has to have security baked in from the start, so data protection and privacy are central to the process, not afterthoughts.

One big headache with IoT today is the lack of standards for many devices. Another is the lack of security built into usually low-power sensors that are smart enough to send signals through (for a DDoS attack) but not protected with any substantial defence.

It is crucial to find a technology partner that is able to address these two issues. There has to be an upgrade path to connect to future standards, so the connected devices do not become obsolete when new security patches come online.

To beef up defences, sensors may have to be checked at the edge of a network by a gateway, for example. This verifies that the data is indeed authentic and that the sensor has not been tampered with.

While there are many technical solutions today to address IoT security, infocomm leaders need to have the initiative to act fast. Knowing that an IoT deployment is at risk means moving swiftly to mitigate it, even if the network seems to be running fine today.

The effort also has to be a continuous one, not a one-off project. As those who are in the cyber security field will say, it takes non-stop vigilance to keep out an intruder but only a single misstep to let one in.

The same applies to IoT. Many industries had leapt ahead to reap the benefits that the technology has to offer but are now realising they have to close the gaps that were left open previously.

For a precedent, we can recall wireless networking in its early days. When it was first available in the late 1990s, there were multiple standards, including the Wi-Fi we know today. The technology was not as secure and there were many worries about wireless signals leaking out.

Over the years, the industry has come together to tighten up the loopholes, for example, through better encryption and best practices at the workplace. Wi-Fi is both convenient and relatively secure today.

IoT can be the same. While enabling enterprises to gain insights through its reach, the technology can be made secure as well. When that happens, going digital and being robust with cyber defence would not seem so conflicting. They will be both important components of a successful transformation. 

To learn more about how StarHub can help strengthen organisation’s security posture, or to know more about cyber security protection, please visit our business page at “Securing my business” or call 1800 888 8888 or email business@starhub.com. 

Follow StarHub Business on Linkedin for the latest business updates.