The Internet of Things (IoT) has been the target of many recent high profile cyber-attacks, but the full scale of its vulnerability is yet to be seen. Rick Conklin, vice president of engineering at Dispersive Networks, writing for the Entrepreneur, argues that attacks like that inflicted on Twitter in late 2016 – which was caused by a surge of bots on hijacked unsecured IoT devices – are only set to become more commonplace.
According to Juniper Research, whose recently published report titled 'Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021' examined consumer and corporate IoT usage, the number of installed IoT devices for consumers alone will surpass over 15 billion units by 2021.
In another study, this time conducted by HP, it was found that some 70% of IoT devices are currently vulnerable to attack. When considered alongside how many unprotected devices will soon be online and susceptible, Conklin believes that the security risk posed is "beyond anything we've currently seen in the realm of cybersecurity".
However, he notes that much of this insecurity is down to bad security habits rather than sophisticated software or hackers. These include the use of pre-set passwords and default usernames.
Perhaps most significant is the threat posed to the healthcare system. Action Fraud issued a report on 17 February warning of the latest scam, this time coming in the form of a fake tax rebate. This is not the first time the NHS has been attacked. Earlier in January, an investigation by National Health Executive (NHE) revealed that cyber-attacks on the NHS had more than quadrupled in the past four years.
Nor is it a uniquely British problem, as a report by the European Union Agency for Network and Internet Security (ENISA) last year uncovered an alarming trend across the EU of ransomware targeting MRI machines, CT scanners and even dialysis pumps.
The cyber security agency commented: "The need for improved, and even remote, patient care drives hospitals to transform by adapting smart solutions, ignoring sometimes the emerging security and safety issues. Nothing comes without a price: hospitals are the next target for cyber-attacks." While these attacks were targeting data, a large-scale attack may put lives in danger if vital machinery is shut down.
Conklin suggests that hospitals "adopt improved security practices such as: password management, policies to ensure all devices are up to date/passwords get changed, network segmentation, software-defined network overlays with security built in and improved data management policies. Vital to ensuring that these practices get used successfully will be administrators that make them part of the hospital's workplace culture."
Copyright © Misco 2014. Misco is a trading name of Misco UK Ltd. All rights reserved. E&OE Registered in Scotland Number 114143. Registered Office: Caledonian Exchange, 19a Canning Street, Edinburgh, EH3 8HE. VAT number: 494 1756 15. All prices mentioned (pounds) exclude postage and packaging. All orders comply to Misco terms and conditions.