• United States




The unlimited potential of IoT and security challenges

Nov 18, 20164 mins
Internet of ThingsSecurity

IoT security has not been up to date with the rapid pace of innovation and adoption creating substantial safety, privacy and economic risks

Proliferation of connected devices, systems and services has immense opportunities and benefits for our society. The connected devices, enabling seamless connections among people, devices and networks, play an essential role in our day-to-day life from fitness tracker, to cars, to health monitoring devices, to control systems and delivering utilities to our homes.

A new IoT device is coming online everyday with new features and functionalities. Through connected devices, health care is improving patient care such as a diabetic patient’s blood sugar level can now be monitored and analyzed by doctors remotely enabling quick treatment to a possible life-threatening situation.

Recent research study released by Juniper predicted about the future of human interaction with technology. The report indicates that gesture and motion control will become vital for human computer interaction in the coming years. The study found that by end of 2016 there will be 168 million devices that utilizes motion or gesture tracking such as wearables, virtual reality and more. With this adoption rate, the study suggests that there will be 492 million motion and gesture-tracking devices by 2020.

However, IoT security has not been up to date with the rapid pace of innovation and adoption creating substantial safety, privacy and economic risks. The recent hack on Dyn network exploited a security flaw in inexpensive connected DVRs, Webcams and surveillance cameras, which interrupted some of the biggest sites such as Twitter, Spotify and part of Amazon. Moreover, with connected cars, airplanes, house appliances, industrial systems connected to the internet, there is a real risk to the life and property damage.

[ ALSO ON CSO: How to approach keeping your IoT devices safe ]

While the benefits of IoT are unlimited, the reality is that security is not keeping up with the innovations and adoptions. The IoT ecosystem introduces risk that include malicious actors manipulating the flow of information to and from network-connected devices or tampering with the devices themselves. This can lead to the theft of sensitive data and loss of consumer privacy, interruption of business operations, slowdown of the internet, and potential disruptions to critical infrastructure and finally impacting the economy. As IoT devices become crucial for keeping up with evolving markets, businesses and technology leaders need to be mindful of the security implications of this new technology.

Why IoT devices are susceptible to compromise?

Studies indicate that three-quarters of IoT devices today are susceptible to getting compromised or hacked. Many of the vulnerabilities are due to the lack of password strength and weakness to protect these devices. Many IoT devices are low-profit products with little to no security built into them. It’s not possible to patch the open vulnerabilities as there is no way for consumers to know their devices are compromised not even the manufacturers have a way to fix the open vulnerabilities.

It’s high time now for everyone including device manufacturers, suppliers, system integrators, network owners and consumers to get prepared and work in collaboration to secure and protect IoT ecosystem.

How to address IoT security challenges

Many of the IoT vulnerabilities can be mitigated by following best security practices, except the low-cost devices which do not incorporate even the basic security measures. They need to be replaced from any critical locations. At the same time, there is also a need to develop a comprehensive international standard and framework for IoT security. Security needs to be added at the beginning of the product design so to reduce the cost of fixing the bug or vulnerabilities later in the product lifecycle.

Moreover, cybersecurity efforts are a never-ending journey and should constantly evolve with innovations. Security should be evaluated as an integral component of any connected devices. By focusing on security as a feature of connected devices, manufacturers and service providers can have the opportunity for market differentiation in the IoT security management.

No doubt, even if security is included at the design of the production development lifecycle, vulnerabilities can be discovered in products after they are deployed. So it’s highly imperative to develop strong vulnerability management programs and continually scan and patch deployed devices if found with any new vulnerabilities.

It is highly critical to know and monitor the network of connected devices. If there is a clear inventory of connected devices in the network and the inventory database is regularly updated when a device is added or removed from the network, it is likely that we can secure the connected devices and prevent someone from exploiting them.


Ajay Kumar is an information security and risk management consultant with more than 15 years of experience in various industries. Ajay has predominantly worked on initiatives involving enterprise mobile security, cybersecurity, data protection and privacy, security operations, security analytics and identity and access management.

The opinions expressed in this blog are those of Ajay Kumar and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.