Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Sean McNee, Senior Data Scientist and Tim Helming, Director of Product Management, DomainTools
Keeping up with IoT in 2019
Connectivity has become integral to daily life in modern society,
and many of us can no longer imagine life without our Alexa, Ring, Nest and
other connected devices. But while consumers and businesses eagerly increase
reliance on IoT products, most remain unaware of the significant headaches they
cause among the cybersecurity community. With the number and variety of IoT
devices on the rise each year, security teams and IoT manufacturers are
struggling to keep pace with threat actors and hackers looking to exploit these
systems. A Gartner survey from earlier this year found that since 2015, nearly
20 percent of organizations witnessed at least one IoT-based attack. Gartner
also reported that worldwide spending on IoT security would likely increase 28
percent from 2017, reaching $1.5 billion in 2018.
IoT devices are rife with vulnerabilities, and dozens of breaches
across industries including telecom and healthcare can be attributed to them.
The high-profile Mirai attack in 2016 is one, and was the cause of internet
service disruption to more than 900,000 Deutsche Telkom customers. Cybersecurity
experts fully expect IoT to be an ongoing area of importance in the coming
year, and organizations must build dedicated security practices that address
IoT device risks, and ensure they are meeting minimum ‘securability' standards.
DomainTools' Senior Data Scientist, Sean McNee and Director of Product
Management, Tim Helming provided their insights on what 2019 has in store for IoT
and cybersecurity.
"It seems that every year now is the year of the ‘Internet of
Things.' An even more diverse set of items, from electric cars to toasters to
pacemakers, are being added online with varying sets of security measures. As
noted by Adam Shostack at Black Hat 2018, these IoT devices have unique sets of
real-world properties which can be attacked and exploited remotely. We expect
attackers to create exploits to target the physical components of IoT devices
with the goal of degrading performance or completely disabling them: remotely
cause batteries to discharge rapidly, overload compressors or heating elements,
or cause them to stop responding. Examples of these exploits could be: electric
cars running of out battery power on the freeway, toasters catching on fire, or
in a worst-case scenario, pacemakers turning off." Sean McNee, Senior Data Scientist
"A set of security standards for consumer and small business-grade
IoT devices will be drafted. This proposal could include something analogous to
the UL listing for electrical devices--it would state that a device with the
certification meets specific minimum standards for ‘securability.' Example
criteria could include forcing strong administrative passwords, hardening of
the OS, not listening on any ports except one or two that require encryption
and authentication, etc." Tim Helming,
Director of Product Management
##
About the Authors
Sean McNee, Senior Data Scientist
Sean has a Ph.D. in Computer and Information Sciences from the
University of Minnesota. His research and business efforts focus on the
creation of actionable insights in support of critical decision- making through
the use of new technologies and workflows over corporate & Internet
networking data.
Tim Helming, Director of Product Management
Tim
Helming has over 15 years of
experience in cybersecurity, from network to cloud to application attacks and
defenses. At DomainTools, he applies this background to helping define and
evangelize the company's growing portfolio of investigative and proactive defense
offerings.