More and more devices in our homes and workplaces are gaining smart capabilities as the Internet of Things starts to move from niche to mainstream.
But greater adoption also means an expanded threat surface. So what can we expect to see from the IoT in 2019? We’ve rounded up the opinions of some industry experts.
Manufacturers are increasingly turning to smart features to make their products stand out, says DH2i CEO and co-founder, Don Boxley. "Making smart products, IoT devices, is the new product differentiator -- even ovens have IP addresses now. Companies that have been investing in IoT initiatives understand that the IoT gateway layer is the key that unlocks a high return on those IoT investments. IoT gateways manage device connectivity, protocol translation, updating, management, predictive and streaming data analytics, and data flow between devices and the cloud. Improving the security of that high data flow with a Zero Trust security model will drive enterprises to replace VPNs with micro-perimeters. Micro-perimeters remove an IoT device's network presence eliminating any potential attack surfaces created by using a VPN."
Sastry Malladi, CTO of FogHorn thinks a new generation of audio and video sensors will bring big advantages. "There is industry-wide excitement about the capabilities that audio and video sensors can bring to the IIoT. Edge computing technology can play an important role in the further deployment of audio and video data in commercial and industrial IoT systems. The fusing of asset data with audio and video analytics will allow for faster and more accurate device and machine maintenance (including updates on systems health and more), and a whole host of new innovative applications. One such example of the video analytics is the use of flare monitoring at oil and gas operations to track environmental compliance and flare state remotely for large volumes of flare stack towers."
Connected medical devices will deliver benefits too but these don’t come without risks says Marcin Kleczynski, CEO of Malwarebytes . "With the ability for medical devices to connect directly to the Web, the growing Internet of Things (IoT) model offers many benefits. Greater connectivity means better data and analytics and patient care, but it also opens the door for data loss of personal health information and unauthorized access to devices. The healthcare industry will need to closely examine a new era of connectivity and patient security. Similar to the electronic health record conversion, security protocols will need to change and evolve to meet the growing threat. Devices should have strict authentication, limited access and heavily scrutinized device-to-device communications. Encryption will be a crucial element of securing these devices, a responsibility that if not adopted by device providers and manufacturers, is likely to be driven by third-party security providers."
The industrial Internet of Things is also expected to introduce new risks for businesses saysOphir Gaathon, CEO and co-founder of DUST Identity . "Industrial IoT is driving an explosion of connected parts and assets. From power plants to vehicles and HVAC systems. More connectivity and accessibility introduces more attack vectors, and thus ensuring the integrity of the parts is more critical than ever before. Asset owners control over their parts supply chain is diminishing -- leading to higher risk and greater impact of breach and disruption. Without a new approach and use of modern tools the changing threat environment compounded by the anticipated increase in regulatory pressure companies and government stakeholders will experience a significant increase in resource allocation to stay compliant."
The potential for attacks on IoT devices and infrastructure worries many experts. Gene Stevens from Protectwise says, "The number of incidents occurring from unknown attack surfaces within an organization could increase, such as IoT and BYOD. Publicly accessible private data and poorly secured devices are expected to increase into 2019 due to the addition of IoT and cloud services by organizations while lacking the proper network hardening and monitoring capabilities."
This is a particular worry for industrial installations believes Justin Fier, director of cyber intelligence and analysis at Darktrace . "Since the attacks on the Ukrainian power grid in 2016, and Triton in 2017, attacks on industrial environments have become mainstream. With several nation states providing warnings in 2018 about ongoing targeting of their energy grids, 2019 looks set for increasing numbers of high profile cyber-attacks on our critical infrastructure. Darktrace is specifically looking at three threat vectors: smart meters and IoT devices, disruption of core logistics and transportation services (specifically in shipping), and sporting events infrastructure."
This echoed by Joe Lea, VP of product at Armis , "Since the Mirai botnet in 2016, we’ve witnessed a rapid evolution of IoT attacks. Within the past year alone, IoT devices have been harnessed maliciously for cryptomining, ransomware and mobile malware attacks. In 2019, IoT threats will become increasingly sophisticated, shifting from botnets and stray ransomware infections to APTs for surveillance, data exfiltration and direct manipulation of physical world to disrupt operations."
Do you have any other hopes for, or worries about, the spread of IoT devices? Let us know.
Image credit: Jirsak / Shutterstock