https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

Cybersecurity

Why IoT Device Security Is a Common Pool Resource

When it comes to IoT cybersecurity breaches, we are all potential victims.
  • Written by Isaac Kohen
  • 9th April 2018

The Internet of Things (IoT) is not merely devices that provide data to users, but networks of connected devices that can also communicate with one another. These capabilities don’t just open up a world of possibilities for individuals, organizations and economies, but also enable cybercriminals to launch attacks such as botnets. The best-known botnet is the 2016 variant known as Mirai, which succeeded in bringing down mainstream internet websites. But exploits such as EternalBlue, ransomware and malware, in general, have become more dangerous for organizations with IoT deployments. And while botnets are dangerous, malware capable of lateral movement is even more so as it can cause extensive damage after accessing a single networked device.

Consider, for instance, a recent malware strain known as “WannMine” that first seeks out credentials on the network, then proceeds to infect every device possible. The goal of the attack is to use their processing power to mine for Bitcoin. Normally, these attacks target personal computers, but organizations with poor IoT device security are vulnerable as well, given that they often run on unsecured Linux builds. Malware such as WannMine and Mirai could easily be made to exploit IoT devices to hold them ransom until payment is made. This threat is something that should concern industrial Internet of Things (IIoT) users.

[Internet of Things World addresses the security concerns for IoT implementation in every vertical, attracting senior security professionals from the world’s biggest organizations. Get your tickets and free expo passes now.]

Some of the most significant threats an organization face come from vulnerabilities in their application of the IIoT. Although IIoT is a subset of the Internet of Things, it uses a substantially similar network of devices, sensors and data with the explicit intent to optimize operations, productivity, reduce costs, and increase profitability. Most IIoT systems are fully automated. Think about modern car assembly lines; Machines handle the majority of tasks. One ransomware or botnet attack here and a whole company could be taken out overnight. Threats will continue to proliferate for the Internet of Things until organizations start to realize that there is more to security than phishing emails and malcontent hoodie-wearing hackers toiling away in a basement someplace.

The Tragedy of the Commons and IoT Security

In the famous text “Tragedy of the Commons,” Garrett Hardin outlines a scenario where a shared resource is depleted by self-interested actors making rational choices. One typical example is overfishing. This scenario demonstrated how technology alone cannot fix the problem of commons degradation. A shift in human values is required.

While this scenario is often brought up in regards to sustainable development, it applies quite well to the challenges we face today with cybersecurity. Consider how data breaches impact far more than just the individual or organization who has been attacked. Cybersecurity is often seen as a problem individual actors must solve for themselves according to their own means and motivations. IoT creates a more entrenched and connected network of devices and makes available more data, thereby increasing the impact of a breach. According to Raytheon and the Ponemon Institute, more than 80 percent of senior IT practitioners believe a catastrophic data breach is likely to happen due to unsecured IoT devices at their organization over the next three years. Remember the scale of the Equifax breach and how that one shook the very foundations of the U.S. credit system? If addressing IoT security requires that we treat the commons as a resource, what exactly can we do?

Treating Security as a Common Pool Resource

Empirical data suggests that individuals often develop their own solutions to the commons dilemma. In regards to IoT device security, the Industrial Internet Consortium is an independent coalition whose priorities including enhancing industrial Internet of Things security. Non-governmental efforts such as this treat security as a common pool resource that impacts us all. Such efforts should be encouraged and supported more since they frame security as not an individual issue but a common issue that needs collaboration to address. Government regulation will catch up eventually, but for now, businesses need to coordinate security among themselves. This is where organizational culture comes into play.

Cultivating a IoT Security Culture

Cultural development requires a clear vision, interventions and method for evaluation. There is no one correct way to do this, however, there are a few tips that have proven helpful. First set the vision for what your security culture will look like so that management is on the same page. Second, determine the scale of culture change and identify what interventions will get you there. Interventions can be behavior monitoring programs that alert users of policy violations or periodic awareness campaigns. You will also need to ensure there are security standards in place for every device or endpoint that is on your network. Ensure communication channels are established with management and employees for assessment and feedback. Lastly, there is the factor of measuring success. You should identify some key performance indicators, but also integrate the Security Return on Investment formula to assess if you’re generating a savings from your security culture program. If you are not, assess where improvements could be made to the program.

The Internet of Things is quickly changing the security landscape and is forcing us to rethink how we frame it. While most would say that improving IoT device security starts within our organizations, the reality is that we collectively need to treat security as a common resource that is maintained by us all.

 

Tags: Article IIoT/Manufacturing Metaverse Security Technologies Vertical Industries

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Partnership to Globally Expand Robotics Solutions
  • Researchers Use Robotic Prey to Track Predator Behavior

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022
IoTWorldToday, IoTWorldSeries

Researchers Use Robotic Prey to Track Predator Behavior dlvr.it/STJjyB https://t.co/6rJICwgK2i

4th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail dlvr.it/STJYcq https://t.co/NcNinAiPUE

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X