According to Gartner, 6.4billion “things” will be in use worldwide in 2016 and the technology consulting firm expects this number to grow to 21 billion by 2020. That’s a massive amount of data and devices to manage and integrate into the cloud.
Using the data generated by Internet of Things (IoT) technology to deliver measureable business value has great potential, particularly when it comes to creating efficiencies and reducing operational costs. More importantly, leveraging these sensors and the data generated will drive innovations in how we power our world.
However, as the IoT market expands, integrating this data into existing infrastructure can leave organizations vulnerable to a new host of security challenges. When evaluating how to leverage this data, it’s critical for IT decision makers to come together with their CEO and determine not only how to protect themselves from an attack today, but attacks in the future.
Hackers are becoming more sophisticated and IoT data is susceptible to a new kind of threat known as data sabotage or manipulation. Rather than simply stealing valuable data, data manipulation hackers subtly alter the data so everything looks fine while they carry out their malicious intent. For example, hackers may modify a company’s earnings report or tweak its credit rating in order to cause the company’s stock price to fall. Hackers can then financially benefit by short selling the stock in advance of the hack.
The IoT is also making organizations vulnerable to DDoS attacks on a scale never seen before. As the usage of smart devices continues to grow, hackers are provided with more resources to mount a devastating attack. In October 2016, hackers used tens of millions of IoT devices, including webcams and thermostats, to mount an enormous DDoS attack on Dyn, a domain name server which is used by some of the world’s most popular websites. By targeting Dyn, hackers were able to take offline Internet giants such as Twitter, Netflix, Paypal, Spotify, Reddit and others. It was the largest attack on IOT ever seen before.
In order to protect against these types of attacks, it’s imperative to have a multi-layer security approach that starts with an integrated security system at the cloud infrastructure level. Organizations should look for systems that include:
- DDoS prevention;
- network intrusion detection;
- web application protection;
- host intrusion protection;
- vulnerability protection; and
- Trojan detection
By incorporating the above security measures directly into the cloud infrastructure, businesses can reduce the risk of these types of attacks. As IoT data use increases as time goes on, the ability of hackers to access the Cloud to sabotage data or mount massive DDoS attacks does so in equal measure.
