Users Can Secure Their IoT Devices; But Will They?
*****The following article, by Jeff Finn, appears within the Opinion section of InfoSecurity Magazine’s web site and was originally published on February 15, 2017.
On an increasingly massive scale, cybercriminals are repurposing connected Internet of Things (IoT) devices installed within our homes. These hackers use malware to enlist our smart thermostats, speakers, lights, and more as soldiers for their botnet armies – used in coordinated massive attacks causing security breaches that threaten the integrity of the internet.
They’ve used these IoT botnets to target major websites and even forced entire countries to go offline. With the IoT primed for exponential growth through the next decade, the inherent vulnerabilities of these smart devices – combined with the capabilities of IoT-based botnets – create formidable cybersecurity challenges and risks.
I believe that the party best positioned to prevent or stop malicious attacks is the consumer. Those who use IoT devices in their own homes have the power to vote with their wallets, and could choose to buy devices with more effective security. However, without awareness of the risks posed to other parties, or direct impact upon their own individual use, why would consumers change their behavior?
Currently, most consumers have little or no awareness when their IoT devices are compromised or exploited. In the eyes of the consumer, as long as the IoT devices perform their intended function, the consumer literally “sees” no real problem.
Conversely, website hosting companies, operators, and other entities attacked by these IoT botnet armies are highly motivated to address the issue of unsecured IoT devices. But, in most cases, they lack the resources to mitigate botnet attacks, or the influence to make manufacturers provide better device security.
The current level of IoT device security varies. While some higher-end household appliances like smart refrigerators may incorporate more robust security features, many lower-end devices like lights and thermostats have no security measures in place – and most lack a user interface to manage the device.
As the IoT market continues to swell – Cisco estimates 15 billion IoT devices today, IDC/Intel foresees 200 billion such devices by 2020 – the vast majority of these internet-connected gadgets are of the low-end, low-priced, low-security variety.
Customer demand continues driving these manufacturers to emphasize time-to-market and user features (rather than security), meaning the problem and risks will only worsen.