2019. We have a year to get comfortable with those four digits, and it’s a good thing because they will bring quite a few changes to the growing IoT ecosystem and a few security challenges. We know you’re busy unwrapping your last few holiday presents and planning out how you’ll stick to your New Year’s resolutions, but today we’ll unpack some of the most pressing IoT security concerns in 2019. Any connected IoT device represents a threat, and as the ecosystem grows, more defenses are going to be needed. From sensors to security cameras, 2019 will be filled with opportunities for MSPs to leverage their expertise to defend the IoT.
Some trends to keep an eye on
Security experts tell us that the rise of the nation-state attacks are going to greatly increase. A well-coordinated, richly financed attack sponsored by a rogue state could cripple power grids, factories, and infrastructure. In 2015, an attack by Iranian hackers on a low-level dam in Upstate New York raised eyebrows and concerns. A more effective attack by an aggressive state could have crippling impacts on industry and infrastructure in the United States. We hope not. However, MSPs need to do what they can to beef up defenses not just on critical infrastructure clients, but also low-level ones that could be used as entry points.
While most people were still in their post-Thanksgiving food comas, two Iranians were indicted in late November for the SamSam attack that paralyzed Atlanta earlier in the year. The ransomware attack on Atlanta could be the cyber-canary in the coal mine. Municipalities large and small battled ransomware all year long, and we don’t see a reason that won’t continue in 2019. The problem is that such attacks — as cities become more connected — could become worse than what Atlanta experienced. As cities have more complicated, connected ecosystems, we can envision scenarios where not just office-based city services fail, but traffic lights and trains. Even snow removal, which is mostly dependent on street sensors could be impacted. Sometimes a dangerous breach can still occur from opening an innocuous-looking email that disguises a dangerous payload, so MSPs will need to continue to educate their customers on how to avoid these attacks.
IoT at home
Patrice Samuels, an analyst at Parks Associates, tells SmarterMSP that consumers are still worried about the security precautions used — or lack of — in home-based IoT networks. Parks Associates says 32 percent of U.S. broadband households will not purchase a smart home device due to security and privacy concerns. Moreover, nearly two-thirds of consumers are concerned about hackers gaining unauthorized access to smart home devices. These security concerns will act as a “drag” on IoT growth in the home sphere. MSPs who are going after the home market will need to make the case to homeowners that their systems are secure with them.
This is a topic we’ve been talking a lot. An attack on a factory’s exhaust system impacts business, but an attack on connected heart sensors can mean someone’s life. If that’s not bad enough, it isn’t just lives that are in peril, it’s also patient data.
David Finn, Executive Vice President of Strategic Innovation of CynergisTek, tells Healthsecurity.com: “We are so hyper-connected and so busy sharing data, and because everyone has multiple devices and IoT devices, like home assistants, we will see a blending of not only work life but also the health life of patients. Also, we will see more data captured in transit.” Protenus, a cybersecurity software company, reports the first three quarters of 2018 saw about 8.7 million records breached, far outpacing 2017. The troubling trend should continue in the new year.
Artificial intelligence has enjoyed a deserved rebranding of sorts over the past year. However, the bad guys are always waiting in the wings, and AI-infused malware is poised to provide a more significant threat to IoT. AI-powered malware is akin to a key that changes shape to fit a lock. Stakeholders are going to have to work to stay ahead of the bad guy.
Sensors are playing an increasing role in the Internet of Things and safeguarding them will become a growing mission of MSPs. MSPs will need to develop robust defenses to guard against a world where bad actors attack sensors that adjust temperatures on factory equipment, for example a sensor showing a reading too high or too low could shut down critical equipment. The importance of secure edge computing to sift through growing mountains of IoT data will continue to increase.
2019 will be an exciting year to be an MSP, and IoT’s steady growth should provide MSPs will ample opportunity to grow along with it.
Photo: HQuality / Shutterstock