According to Gartner, 6.4billion “things” will be in use worldwide in 2016 and the technology consulting firm expects this number to grow to 21 billion by 2020. That’s a massive amount of data and devices to manage and integrate into the cloud.
Using the data generated by Internet of Things (IoT) technology to deliver measureable business value has great potential, particularly when it comes to creating efficiencies and reducing operational costs. More importantly, leveraging these sensors and the data generated will drive innovations in how we power our world.
However, as the IoT market expands, integrating this data into existing infrastructure can leave organizations vulnerable to a new host of security challenges. When evaluating how to leverage this data, it’s critical for IT decision makers to come together with their CEO and determine not only how to protect themselves from an attack today, but attacks in the future.
Hackers are becoming more sophisticated and IoT data is susceptible to a new kind of threat known as data sabotage or manipulation. Rather than simply stealing valuable data, data manipulation hackers subtly alter the data so everything looks fine while they carry out their malicious intent. For example, hackers may modify a company’s earnings report or tweak its credit rating in order to cause the company’s stock price to fall. Hackers can then financially benefit by short selling the stock in advance of the hack.
The IoT is also making organizations vulnerable to DDoS attacks on a scale never seen before. As smart devices or sensors connected to IoT continues to grow, this provides hackers with more resources to mount a devastating attack. In September 2016, the French ISP, OVH, was subject to the largest DDoS attack in history, which peaked at over 1 terabit per second of traffic. 152,000 hacked IoT devices, including potentially smart refrigerators or thermostats, were used to launch the record-breaking attack.
In order to protect against these types of attacks, it’s imperative to have a multi-layer security approach that starts with an integrated security system at the cloud infrastructure level. Organizations should look for systems that include:
- DDoS prevention;
- network intrusion detection;
- web application protection;
- host intrusion protection;
- vulnerability protection; and
- Trojan detection
By incorporating the above security measures directly into the cloud infrastructure, businesses can reduce the risk of these types of attacks. As IoT data use increases as time goes on, the ability of hackers to access the Cloud to sabotage data or mount massive DDoS attacks does so in equal measure.
