Telcos: when it comes to IoT security, prevention is always better than cure
Smart devices have arguably made consumers’ lives easier, and as they become more affordable, more of us are investing in the IoT. However, all too often, these smart devices are being manufactured with affordability in mind and security as an afterthought.
As a result, customers are being left increasingly at risk. As the IoT is embraced by the healthcare sector, urban infrastructure and automobile industries alike, the threat of cyber-attacks widens. The implications of these attacks will not only impact the consumer that has invested, but society at large, with wide-ranging economic repercussions as well.
With many manufacturers focusing on profit first, who is left to take care of security? Should the telecommunication providers be taking action?, says Ultan Kelly, senior director at Cobham Wireless.
Cast your mind back to the world’s largest Distributed Denial of Service (DDoS) attack on Dyn in October 2016; driven by MIRAI malware, it targeted connected devices such as CCTV video cameras and digital video recorders, and brought down internet goliaths like Twitter, Spotify and Reddit.
In that time, not much has changed. Just last month, half a million computers went down in Australia in a similar DDoS style infiltration. These types of attacks will only increase, so telecommunication providers must take action to mitigate the threat.
Imagine the impact of security breaches of hospitals reliant on connected medical devices, or a hack on connected electricity grids, leaving towns and cities without access to crucial utilities. Even an attack on a selection of connected cars could be catastrophic. These incidents could jeopardise the safety of society on a vast scale.
If the societal threat doesn’t call the telcos to action, then the threat to their customer’s wallets just might. A recent report revealed that the average cost to a company that suffers a DDoS attack is $2.5 million.
This is a shocking statistic that’s only compounded by the revelation that 86% of the companies surveyed had suffered a DDoS attack within the last 12 months. With this much at stake, it’s clear that hackers will only seek to further exploit service provider and business networks.
The solution is simply a case of planning for the inevitable. Telcos should employ technology that provides a comprehensive recourse for proactively protecting and hardening their systems. This can be achieved by implementing a modern security strategy, which involves stress testing networks by emulating DDoS and malware threats to identify weaknesses which could be targeted by cyber hackers. This will maximise the chances of identifying any potential security holes across their network, because prevention is just as important as defence.
Providers are racing to deploy new connectivity standards for IoT, such as NB-IoT, LoRa or Sigfox, which are all slated to make the IoT yet more seamless and see yet more devices connected to the internet. Unfortunately, in their haste, providers may not be placing security at the top of their list of priorities.
Hackers will likely look for lax security around new modes of connectivity. Therefore vigilance is paramount and operators must be aware that these connectivity networks will be just as vulnerable as current network standards, like LTE or Wi-Fi.
Poorly secured connected devices, designed with affordability in mind, will be ubiquitous in the growing IoT landscape and it is these devices which remain the entry-point for many IoT attacks.
However, with all the threats laid bare and the extent of their consequences clear, it would be inexcusable for the telecommunication providers to shirk their duty to address the threat at network level. If not for the safety of their customers, then at a minimum for the safety of their bank balances.
The author of this blog is Ultan Kelly, senior director at Cobham Wireless
Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus