IoT security reaches critical era, believes Sectigo
May 27, 2020
Protecting the IoT has never been more critical, according to New Jersey-based cyber-security technology firm Sectigo.
The number of devices connected to the internet is expected to reach 50 billion worldwide by the end of 2030, which Sectigo says poses dangerous risks to people, businesses and critical systems. To illustrate the divide between cyber attacks on these devices and business preparedness, the provider of automated digital identity management and web security has released its Evolution of IoT Attacks study.
The report chronicles the progression, variety and growing sophistication of many of the most infamous vulnerabilities and attacks on connected devices, as well as the emerging defences used by organisations to fight them.
Sectigo has categorised IoT attacks into three eras – exploration, exploitation and protection.
The era of exploration began in 2005 when cyber criminals started to explore the potential to cause lasting damage to critical infrastructure, and even life. Security defences at the time were rudimentary, with organisations unaware of the value the IoT could have for hostile actors.
The era of exploitation spanned 2011 to 2018, and saw cyber criminals actively exploiting the lucrative and damaging potential of attacking the IoT, thus expanding attacks to more targets with increased severity. However, they found organisations more prepared to withstand the onslaught. White-hat hackers exposed potential IoT vulnerabilities to help shore up defences before attacks occurred in the wild. Meanwhile, as organisations fortified their defences, cyber criminals found more ways to monetise their attacks through crypto-mining, ad-click fraud, ransomware and spam email campaigns.
The world is now in the era of protection. By 2019, enterprises and other organisations had become increasingly capable of countering these attacks. Just recently, governments have begun enacting regulations to protect IoT assets, and businesses and manufacturers are heeding the warnings. In fact, according to the recent 451 Research Enterprise IoT Budgets & Outlook report, organisations are investing more than half of their IoT budgets, 51%, to implement security controls in devices, using security frameworks and unified products with strong technologies that work together to provide multiple layers of protection.
“As we move into this decade, protecting the vast internet of things has never been more critical for our safety and business continuity,” said Alan Grau, vice president at Sectigo. “Cyber criminals are retooling and honing their techniques to keep striking at vulnerable targets. Yes, businesses and governments are making laudable efforts to protect all things connected, but we are only at the beginning of the era of protection and should assume that these efforts will be met by hackers doubling down on their efforts.”
IoT security must start on the factory floor, says the report, with manufacturers and continue throughout the device’s lifecycle. Power grids, highways, data security and more depend on organisations adopting ever-evolving security technologies to withstand attacks.
Sectigo is a cyber-security technology company providing digital identity services, including TLS and SSL certificates, web security, devops, IoT, and enterprise-grade PKI management. It has more than 700,000 customers worldwide and 20 years of experience.