The rapid evolution of connected technologies - many of which fall under the "internet of things" umbrella - has been both a blessing and a curse for modern enterprises. While environmental sensors, artificial intelligence platforms and machine learning capabilities have provided a variety of operational benefits for organizations across industry lines, the severe lack of built-in security is having a notable impact on cybersecurity practices.
The issue is that IoT devices are particularly prone to hacking and targeted malware, according to the Department of Justice's Cybersecurity Unit. Once infected, IoT equipment can be used to launch large-scale botnet attacks that threaten the stability and performance of private networks. To offset these threats, companies of all sizes are having to pay closer attention to the inherent risks of IoT adoption and put new processes in place to protect vulnerable endpoints.
OWASP highlights top IoT security threats
The Open Web Application Security Project (OWASP) was launched back in 2001 to help device manufacturers, enterprises and consumers understand the security risks associated with IoT integration. As part of its ongoing efforts to advocate for better cybersecurity decision-making, OWASP identified 10 IoT vulnerabilities that are having the biggest impact on users, including:
Other key IoT security concerns
Alongside weak IoT architecture and management processes, connected technologies can also be exploited through zero-day vulnerabilities that are hard to detect. For example, security researchers at JSOF recently discovered a collection of TCP/IP vulnerabilities (named Ripple20) that have existed as far back as 1997. These flaws, which were present in a popular TCP/IP stack library developed by the software firm Treck, have to do with how devices connect to the internet. The Ripple20 vulnerabilities have impacted a wide range of IoT products, from smart home devices and printers to industrial control systems and power grid equipment. While JSOF has been working closely with Treck and other cybersecurity experts to release patches, the implications of these vulnerabilities are broad and far reaching.
Targeted malware is yet another concern for IoT device operators - hackers have been modifying existing malware strains to more easily take control of connected technologies and add them to massive botnets for use in large-scale DDoS attacks, according to a 2019 article from ZDNet. These types of complex cyber attacks are only growing in frequency and scope. In fact, honeypots owned and operated by Kaspersky Labs detected 105 million attacks on IoT devices (stemming from 276,000 unique IP addresses) in the first half of 2019 alone. To mitigate these types of targeted operations, security researchers have recommended that companies use threat data feeds to track and block network connections from potentially malicious network addresses. Of course, integrating this functionality requires the right connectivity tools and data management features.
Perle offers industrial-grade networking tools that can help businesses of all sizes create more agile and secure IoT ecosystems. Our LTE routers and gateways can support the deployment of high-performance connectivity solutions by integrating location-based services and remote management capabilities at scale.
To learn more, explore our customers' success stories.