A hacker stealing data from a PC terminal in a server room - IoT security

The potential business edge that access to data from billions of connected devices offers is too much for enterprises to resist. As a result, in 2019 more and more enterprises will be connected to the Internet of Things (IoT) using more and more endpoints. It’s not all good though, all those endpoints mean more attack vectors for hackers to take advantage of. Vulnerabilities are threatening to tear down trust in the connected world, especially as IoT moves into B2B spaces and industrial sectors where risks are much higher.

Security Is Still Key

With data security a paramount concern for enterprises, security will take precedence over innovation if confidence in IoT is to grow and severe security issues are to be avoided. If this can be done, it is likely that adoption will continue at an exponential rate, greater consolidation will drive developers to edge computing and connected applications will unlock multipurpose robots, leading to far greater capability and functionality.

Itai Dadon, director of smart cities and IoT at Itron, said the move to use shared network infrastructure to unlock value is creating problems. Using a shared network infrastructure across multiple departments and operational areas to reduce total cost of ownership and increase interoperability between services and application platforms unlocks tremendous potential, but also creates more problems.

More to the point, Dave McCarthy, VP of Bsquare, points out that IoT platform vendors are realizing a single software platform will not work for all customers due to the unique nature of each business. As a result, these vendors are embracing services and offering IoT applications through partnerships with cloud service providers such as AWS or Azure. With more IoT applications becoming available via cloud providers, businesses in many industries will be able to add IoT with a click of a button, which can create security issues. In fact, for enterprises we contacted that are using IoT, it is clear that security efforts will dominate 2019.

Related Article:  7 Big Problems with the Internet of Things

1. More Dangerous Attacks

Symantec's general manager for IoT, Kunal Agarwal, said that attacks from and on IoT will be more severe over the coming year. In recent years, massive botnet-powered distributed denial-of-service (DDoS) attacks have exploited vulnerabilities in tens of thousands of IoT devices using them as a weapon to send a crippling amount of traffic to unsuspecting websites. As technology and security threats advance, attacks against IoT devices will evolve targeting critical infrastructure that bridges our digital and physical worlds.

Attacks on these critical infrastructures may seek to halt necessary operations or in extreme cases, trigger explosions against our most important physical systems, such as industrial control systems, for example, that power critical infrastructures, which may be outdated and ill-equipped to handle these attacks. Recent studies have shown that more than half of these systems run on outdated Windows software, leaving them highly-susceptible to ransomware, destructive malware and targeted attacks.

Even more concerning, 40 percent of industrial sites are connected to the public internet. In the coming year we can expect to see poorly secured IoT devices targeted for harmful purposes, and companies and IT departments must ensure their security postures are ready.

2. Security as a Differentiator

As the enterprise IoT market matures, vendors will self-regulate security, according to Anthony Di Bello, senior director of market development, at OpenText. Principles like security-by-design will be a competitive differentiator and a must-have for enterprise customers looking to embrace IoT, but who can’t afford a major security issue. Artificial intelligence (AI) and machine learning will play an important role in processing data and securing information from this massive influx of new sensors, machines and devices. If vendors fail to self-regulate, government will step in.

Related Article:  Enterprise Security Concerns for Blockchain and How to Mitigate Them

3. Escalating IoT-Driven Financial Crime

Atif Kureishy, Teradata's vice president global emerging practices, believes that escalating financial crime and synthetic identify fraud will continue to be a significant concern for a majority of companies involved in electronic payment. Many will have experimented using machine learning and several will have demonstrated improved performance over rules-based systems. Many of those companies will also have recognized the need to integrate information across different lines of business to enable early detection of fraud patterns using deep learning to better detect complex signals. Virtually all companies will be challenged to deploy new models due to operational and compliance issues unless they can solve their model lifecycle and model risk management strategies.

4. Model Risk Management

He added that as the number of models deployed by enterprises grows, the need to manage model safety and model stability becomes increasingly clear. In financial services, Model Risk Management (MRM) is a well-known discipline to ensure the validity of models used in key processes such as credit underwriting. In 2019, other industries will realize the need to take a similar approach in order to realize the full value of their analytical models and data while managing risk and exposure to their organization. Beyond model management, MRM provides data pipeline lineage, model governance, clear workflow for promoting models, reproducibility, stress testing, regulatory compliance, model performance monitoring, outlier detection and data monitoring.

5. Machine Phishing

Michael Kanellos, technology analyst at OSIsoft, believes that Machine phishing will become a more urgent concern over the coming year. Hackers increasingly will try to infiltrate IoT and operational networks to send false signals that in turn cause owners or plant operators to take actions that can be damaging. Hackers, for instance, might have a battery pack report that it's fully charged when it's not, or a disgruntled employee at a brewer might cover up the data that otherwise would show how recent production has gone awry.

6. Poor Legacy Security

Finally, as critical infrastructure systems increasingly come online through IoT there will be a rise in cyberattacks with physical consequences, whether that be damage to property or harm to human beings, Justin Sherman, cybersecurity policy fellow at the think-tank New America.

Since many IoT devices lack even the most basic cybersecurity protections, such as strong default passwords, they often leave any interconnected systems vulnerable. Everything from a traffic grid to a public water supply system that gets hooked up with IoT devices could be hacked and manipulated with devastating consequences. When these events happen with greater frequency, and greater impact, it is likely we'll see calls for robust IoT device security standards in addition to any number of policy measures to mitigate the risks posed to publicly and privately owned critical infrastructure.