Everything from your first cup of coffee & your commute to the office, to your afternoon snack & evening walk with your dog can now be connected and tracked. This is the kind of world we will soon live in – a world where every device or appliance we use in our day-to-day is connected to the Internet. Because of how widespread it has the potential to become, the Internet of Things could easily transform how we live, work, and play. The possibilities are limitless. … Unfortunately, so are the security risks.
“Many IoT devices are consumer-oriented, which means their owners don’t have a security-conscious IT department,” writes CSO’s Josh Fruhlinger, who refers to IoT as a ‘security disaster in the making.’ “[And] because IoT is a new field, it’s dominated by companies that don’t have the same mindset as the manufacturers of mission-critical servers – and that can spell trouble.”
Here are just a few things you will need to watch out for as IoT progresses through its growing pains.
IoT Request Forgery
An attacker does not want to crack through layers of enterprise-grade security to get at your data. They seek the path of least resistance. And corporate-owned IoT devices are exactly that.
As noted by security expert Dan Miessler, attackers will potentially begin targeting IoT devices connected to corporate networks in order to gain access to data they would otherwise be unable to obtain. While many IoT devices might not be privy to sensitive information, Miessler explains that it ultimately boils down to a numbers game.
Attackers can simply keep sending bogus requests to vulnerable devices until they get what they are after.
When smartphones and tablets first entered the market, very few people considered the possibility that they might become attractive targets for malicious software. Flash-forward a few years, and at least one mobile device in every large enterprise is infected with malware. As noted by McAffee, these compromised devices represent an excellent platform for both bad actors and unscrupulous competitors.
Most businesses now acknowledge the threat of mobile malware, even if a few are still trapped in the old way of thinking. And with mobile malware an acknowledged threat, one cannot help but look at the possibility that wearable devices could end up being an attack vector, too. A pair of smart glasses or a fitness tracking watch could easily serve as a point of entry for savvy attackers, and wearable malware represents just as much of a risk as its mobile cousin.
Thanks to poorly-secured IoT devices, botnets have the potential to grow larger – and smarter – than ever before. Look, for example, at Mirai, the botnet that took down servers across the US East Coast at the end of 2016. It is one of the largest botnets of its kind, and one of the most complex.
And as most security experts have agreed, Mirai is only the beginning. Botnets are only going to grow larger and more complex as time goes on.
How Can You Protect Yourself?
The Internet of Things represents incredible potential, but also great risk. To ensure your servers and systems are protected from attack, it is imperative that you incorporate some form of endpoint management software. It is also important to install DDoS protection and a suite of server security tools – both of which are offered by Liquid Web.
As with any security threat, the new attack vectors born out of the Internet of Things are not insurmountable. It is simply a matter of knowing how they might surface, and consequently how you might protect yourself.
Carrie Wheeler is the EVP and General Manager for Liquid Web and Nexcess. Carrie’s background has given her a unique perspective on how to combine excellent products and services. In her 25 years of experience in technology, telecommunications, hosting, and cloud services (at MCI, AT&T, and Cbeyond to name a few) she has served many roles in both Information Technology and Customer Operations.
Keep up to date with the latest Hosting news.