IoT security issues have been with us for as long as IoT has been a ‘thing.’ But it seems that IoT attacks are becoming personal.
There are some eye-watering statistics out there about how fast IoT is growing. According to Forrester, via Security Week, there are 127 devices being connected to the internet every second of every day. This stat probably sounds scarier if you present it as roughly 11 million a day.
Monitoring that level of connection by security professionals would be a challenge and a half. Monitoring that level of connection by people and companies whose job is to make a better car or kettle, fridge or coffee maker is mind boggling. In fact, impossible.
Of course, IoT security is a more straightforward process than protecting devices with humans sitting in front of them, wondering whether that offer is too good to be true or whether there really are billions of dollars in a warehouse in Nigeria waiting to find a good home.
A machine has one job and it can be managed by other machines. In fact, IoT (or ways of making your company and its products more efficient) and therefore IoT security is one of the better use cases for AI. Even ‘basic’ AI (the fast look-up kind) is a key tool in the defence of what is becoming an ever more attractive attack vector.
The risks and rewards around IoT security are also a key issue.
What, security professionals might ask, is the worst that could happen if a coffee pot was hacked? Damnit, you might get a double fluffy whipped macchiato with an extra shot instead of a black coffee.
What, security professionals might ask, is the worst that could happen if a pacemaker was hacked? That is more serious. A lot more serious.
The report and survey from Forrester that we mentioned earlier also pointed to two-thirds of respondents knowing of an attack on an unmanaged IoT device and a report being presented to procurement executives says that 90% of consumers do not trust the security around IoT devices.
IoT security is an enormous issue and growing as fast as the ‘IoT’ itself. The good news is that we are dealing with machines not humans, which makes things a lot simpler. It is a question of prioritisation, training, awareness and plugging into the security professionals’ networks.
After all, they tend to love this stuff.