https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


iStock / Thinkstock

The competition

In an IoT World, You Must Fight Off Both Hackers and Rivals

Would you rather be hacked or be disrupted?
  • Written by Brian Buntz
  • 2nd February 2017

The question above may seem like a false dilemma, but many of the organizations that stand to benefit from IoT technology face something of a Catch-22: They can exert great caution in deploying connected technology, thereby minimizing their chances security breaches, but also slowing them down, putting them at a competitive disadvantage. On the other hand, companies that are cavalier in how they deploy IoT technologies increase their risk of getting hacked.

A better option is to play hardball, being prepared for hackers while mapping out a strategy that leverages the power of IoT technology to drive ideal business outcomes. Hoping hackers won’t target you is a strategy doomed to fail. “If someone is targeting you, they are getting in,” says Michael Patterson, CEO of security firm Plixer. To prepare for cybercriminals, enterprises should closely monitor network traffic so that when the bad guys do get in, you can determine how and when it happened, and take steps to get them off the network as soon as possible.

Hold Tech Vendors Accountable

Of course, all of the responsibility shouldn’t lie with the companies deploying IoT technology. IoT device makers should “take responsibility” by designing security into their products, recommends the analyst firm Juniper Research. The industry needs big-name vendors like Amazon, Google, and Samsung to help develop best practices for the entire industry, Juniper Research adds.

Plixer also suggests that ISPs get more involved in fighting DDoS attacks by following standards outlined in BCP38, a standard designed to prevent the spoofing of Internet traffic first described in 2000. The problem that a series of coordinated DDoS attacks could take down the Internet remains a possibility. Meanwhile, many ISPs eschew responsibility, Patterson says. “They are saying: ‘look, we aren’t the target of the DDoS attacks; we’re just hosting the machines that are participating in them.’”

Understand How Hackers Think

In one sense, hackers are like ordinary people. They get thrills out of finding a creative solution to a challenge. But unlike most ordinary people, they enjoy breaking the law.

If you go by the stereotype, a hacker is a lone-wolf type toiling away in a basement somewhere to cause havoc. Frequently, hackers form teams and collaborate to develop a plan of attack against a valuable target. Sometimes, they devote months or even years before they strike.

Related: The IoT Security Equivalent to a Doberman

Many companies that develop connected technology underestimate them, thinking that a simple strategy will keep them at bay.

As a case in point: In January, President Trump recommended that the best way to keep information away from hackers is to use a huge air gap—for military networks and pretty much any other kind of system. “The problem is that hackers are figuring out how to jump air-gapped computers,” says Plixer’s CEO. “If they can infect computers with a USB, and infect the computer next to it, they can wirelessly pick up signals and figure out what data is on that computer.” For more evidence that air gapping isn’t bulletproof, just consider how much damage the Stuxnet virus did to the Iran’s air-gapped nuclear facilities in 2010.

The bottom line is: the threat is constantly evolving. The kinds of attacks are changing, as are the types of attacks. Several years ago, hackers often sought to get credit card numbers for self-enrichment. Now, however, banks have learned to react quickly at preventing and mitigating credit-card fraud. As a result, some hackers are looking for different targets—including healthcare. “The bad guys see healthcare as an extortion-rich target,” says Bob Noel, director of marketing and strategic partnerships at Plixer International. “Hackers know that, if they can breach healthcare institutions and cause havoc, those institutions will act quickly prevent or mitigate problems. They are more likely to cough up cash,” Noel says.

It’s for that reason that Noel expects a growing number of hackers to launch DDoS and ransomware attacks against healthcare institutions.

Beware of Script Kiddies

Here’s another fact: It has never been easier to become a hacker. There is a burgeoning community online of sites that help anyone interested in learning about cyberattacks download the code to launch them, or even find training from more experienced hackers.

There is a growing group of less-experienced hackers—pejoratively called “script kiddies”—who rely on online tools to launch attacks. Some of these people have visions of becoming more-adept hackers. “They are willing to pay for training,” Patterson says. “You have hackers who are skilled in the use of it are delivering online training at a cost to people who are unskilled.”

It is within one of these online communities that the code for the Mirai botnet first popped up. A Mirai-fueled DDoS attack knocked a chunk of the internet in October. “I expect a proliferation of unskilled hackers to leverage this Mirai code that could deliver attacks that could be unforeseen as could be the consequences,” Patterson explains.

Still, the amount of damage that a script kiddie can cause tends to be limited because they don’t tend to have access to the most powerful tools or mentors. “Some of the more experienced hackers would likely be very leery of new online personas reaching out to them for assistance,” says Thomas Pore, who works at Plixer’s cyber threat detection and incident response division.

Some of the people that use booters—online paid services used to launch DDoS attacks—are simply kids or gamers with mischievous intent. “For these kids, using a booter site is like the online equivalent of getting drunk. They can do it for less than $5, they have a good time, but most people don’t get hurt that bad when they do it,” Pore says. “Kids might use a booter to DDoS their school or gamers might do the same to a competitor.”

Gauging the Biggest Risks

While a gamer that uses a DDoS service isn’t likely to pose much of a threat, the fact that the source code for Mirai is freely available is a concern. “If you are building malware and you want to use it for gain, there is no reason not to add in Mirai,” Patterson says. “That is why you are going to see the proliferation of DDoS attacks in 2017. Bad guys could proliferate this using it as ransom. They could say: ‘I am going to take you down for three days before Valentine’s Day or Christmas unless you pay up.’”

Another wrinkle is that many companies launching IoT initiatives haven’t had much exposure to cybersecurity before. And much of the equipment in facilities such as factories and hospitals is older and wasn’t developed with built-in security.

In the end, organizations deploying IoT technology will have powerful technological tools—and enemies—to consider.

Tags: Article Security Technologies

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested
  • Image shows a Close up of lens on black background
    Carnegie Mellon Researchers Invent System to Find Hidden Cameras

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Seoul Robotics Expands 3D Perception Platform across South America dlvr.it/STMhSV https://t.co/a10l3Eb2Kn

5th July 2022
IoTWorldToday, IoTWorldSeries

Microsoft Extends Secured-Core Program to IoT Devices dlvr.it/STMg4k https://t.co/laBPF5VjC4

5th July 2022
IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X