Virtualization Technology News and Information
Dispersive Technologies 2017 Predictions: Will 2017 Bring IoT-fueled Attacks on Government, Hospitals?

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual VMblog.com series exclusive.

Contributed by Rick Conklin, Vice President of Engineering at Dispersive Technologies

Will 2017 Bring IoT-fueled Attacks on Government, Hospitals?

In 2016, the Internet of Things (IoT) dominated discussions in the media and conferences. While many focus on the tremendous opportunity IoT offers, large risks remain. In particular, IoT's biggest issue - safety - is a thorny topic with which the industry is still grappling. For example, 2016's DDoS attack on Dyn that took down several major websites such as Twitter was caused by a bot army of unsecured IoT devices. This attack is only the tip of the iceberg, and in 2017 we should expect more of the same, but websites won't be the only targets. Unless manufacturers and users of connected devices get serious about security, we will see these attacks evolve next year, and they could extend to major government institutions and hospitals.

Here's what to expect in 2017

According to a study from HP, 70 percent of IoT devices are currently vulnerable to an attack. While companies are working to improve that, a significant number of IoT devices will be left unprotected in 2017. Additionally, Gartner predicts over 20 billion IoT devices by 2020. Let's say that in the next three years the share of secure IoT devices doubles, from 30 percent to 60 percent, which means that only 40 percent will be insecure. Applied to Gartner's estimate, that means a total of 8 billion insecure devices by then: roughly equivalent to the population of the Earth. Imagine if hackers had an 8 billion strong bot-army. That security risk is enormous and game changing.

The risk comes not necessarily from the sophistication of attacks but from the poor security practices of IoT users. Common practices, such as using default usernames and passwords that are supposed to be used only for setup and then changed, are making it easy for attackers to take over those devices and use them in botnets. What's making the problem worse is that companies aren't doing much to stop this and other poor security practices. A recent study showed that over 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, and a stunning 98 percent of the most vulnerable executives have little confidence that their firms constantly monitor devices and users on their systems. It's clear that most C-Suite executives don't give cybersecurity enough consideration.

Companies are not the only ones left wide open to an attack, as the U.S. government is reportedly even worse off. Its agencies' weaknesses will be compounded by the growing trends and pressure to continue to virtualize and expand their footprint with a mass movement to the cloud and the integration of IoT devices. More hypersensitive data will be transferred between multiple interconnected platforms. I believe that as a result of these vulnerabilities, there is a 50/50 chance that a significant cyber warfare attack is instrumented against the US government, the US military, US critical infrastructure, or the US banking infrastructure. This organization will be ill-prepared and vulnerable; it is also likely that the attack won't originate on IoT devices owned by the government but instead will come from the outside.

Government infrastructure won't be the only target; we also predict that a major hospital will face a HIPAA violation for using an unsecured smart medical device. Hospitals have a lot to gain from deploying the IoT for crucial data/insights to improve patient care, but that means cybersecurity will be even more crucial in an industry that already loses $5.6 billion each year to data breaches. The FDA already recognizes that cybersecurity/HIPAA compliance is an important issue and is working on creating standards and procedures, but that might not be effective in preventing attacks. If a US hospital IoT breach doesn't sound that dangerous, here's a worst-case scenario example: a patient's insulin pump or other connected medical device that is easily accessible with default passwords that have not been reset. Poor IoT security will go far beyond acquisition of medical data and has the potential to put the lives of patients at risk. To address these concerns, hospitals will need to start by adopting improved security practices such as password management, policies to ensure all devices are up to date and passwords get changed, network segmentation, software-defined network overlays with security built in, and improved data management policies. Vital to ensuring that these practices get used successfully will be administrators who make them part of the hospital's workplace culture.

Conclusion

IoT security has to move from the conference presentations to the boardroom, and 2017 will be a year of reckoning if IoT security is not taken seriously. It can no longer be solely the IT department's responsibility to keep enterprise data safe. Everyone in an organization needs to help take responsibility, follow security procedures to the letter and be vigilant for signs of danger. The good news is that there are security solutions out there to help, even with technology as nascent as the IoT. A combination of advanced software and a strong internal culture will give companies a cybersecurity defense to make sure they're ready to take on potential attackers.

##

About the Author

Richard Conklin, Vice President, Engineering, Dispersive Technologies, is a seasoned computer networking, switching and security expert with over 25 years of experience. He has 11 granted and several pending patents and specializes in developing and advancing innovative technologies. Past employers include Ciena Corporation (where he held the positions of Senior Principal Engineer and Senior Manager), Scientific Atlanta, Motorola and Siemens.

Rick Conklin 

Published Friday, January 06, 2017 7:02 AM by David Marshall