In a few short years, the Internet of Things (IoT) has gone from a technology — or set of technologies — that were cutting edge to the situation today where connected household items, or automobiles, are common. However, growth is only really gathering speed now with San Francisco-based Cisco estimating that the “Internet of Everything cisco article” — its take on the IoT — could have has many as 50 billion connected devices by 2020.
According to Helsinki, Finland-based F-Secure, a cybersecurity company citing research from Gartner, over the next two years, the number of IoT devices entering households will climb steeply from nine devices per household currently to 500 by 2022, with IoT connectivity being bundled into products whether people want it or not.
In fact according to Mikko Hypponen, chief research officer for F-Secure in research on the IoT published last month, in the future, devices without IoT capabilities may be more expensive because they’ll lack data that can be harvested by manufacturers. It’s this very data that makes the IoT such an interesting proposition for enterprises. That data, though, comes with risks, along with a number of other notable risks and problems associated with the IoT that enterprises will have to overcome in the coming years.
Last month, the World Economic Forum published its Global Risks Report for 2018, the 13th year it has published it. Each year, researchers with the Global Risks Report work with experts and decision-makers across the world to identify and analyze the most pressing risks that the world face. As the pace of change accelerates, and as risk interconnections deepen, this year’s report highlights the growing strain we are placing on many of the global systems we rely upon. The IoT and the problems related to cyberattacks take a prominent position in the report.
Related Story: 12 Emerging Internet of Things (IoT) Trends That Will Become Mainstream In 2018
1. Walled Off Internet
According to the World Economic Forum, the growing number of cross border attacks will start pushing national governments towards breaking up the internet in national, or even regional “walled gardens.” There are other pressures too that will push them to do this, including economic protectionism, regulatory divergence and the loss of government power relative to global online companies.
This will create major problems for the concept — and practice of a global IoT — leading to the erection of barriers to the flow of content and transactions. “Some might welcome a move towards a less hyper-globalized online world, but many would not, resistance would be likely, as would the rapid growth of illegal workarounds. The pace of technological development would slow and its trajectory would change,” the report reads.
2. Cloud Attacks
Given that a large amount of the data that will run the Io T will be stored in the cloud it is likely that cloud providers will be one of the principle targets in this kind of war. While there is growing awareness of this problem, cybersecurity is still under-resourced in comparison to the potential scale of the threat. To get some kind of idea of the problem, the World Economic Forum report cites analysis that suggests that the takedown of a single cloud provider could cause $50 billion to $120 billion of economic damage — a loss somewhere between Hurricane Sandy and Hurricane Katrina.1
The annual economic cost of cybercrime is now estimated at north of $1 trillion, a multiple of 2017’s record-year aggregate cost of approximately $300 billion from natural disasters.
Related Story: How to Deal With IoT Security Threats
3. AI-Built Security Issues
Although the threat magnitude of ransomware has already grown 35 times over the last year with ransomworms and other types of attacks, there is more to come. Derek Manky, global security strategist at Sunnyvale, Calif.-based Fortinet agrees that the problems for cloud vendors are only emerging.
He said that the next big target for ransomware is likely to be cloud service providers and other commercial services with a goal of creating revenue streams. The complex, hyperconnected networks cloud providers have ?developed can produce a single point of failure for hundreds of businesses, government entities, critical infrastructures, and healthcare organizations. If not in the next year, he said soon we will begin to see malware completely created by machines based on automated vulnerability detection and complex data analysis. Polymorphic malware is not new, but it is about to take on a new face by leveraging AI to create sophisticated new code that can learn to evade detection through machine written routines.
4. Botnet Problems
Millions of new connected consumer devices make a wide attack surface for hackers, who will continue to probe the connections between low-power, somewhat dumb devices and critical infrastructure, Shaun Cooley, VP and CTO at San Jose, California based Cisco website said. The biggest security challenge he sees is the creation of Distributed Destruction of Service (DDoS) attacks that employ swarms of poorly-protected consumer devices to attack public infrastructure through massively coordinated misuse of communication channels.
IoT botnets can direct enormous swarms of connected sensors like thermostats or sprinkler controllers to cause damaging and unpredictable spikes in infrastructure use, leading to things like power surges, destructive water hammer attacks, or reduced availability of critical infrastructure on a city or state-wide level. Solutions for these attacks do exist, from smarter control software that can tell the difference between emergency and erroneous sensor data, and standards that put bounds on what data devices are allowed to send, or how often they’re allowed to send it. But the challenge of securing consumer-grade sensors and devices remains, especially as they connect, in droves, to our shared infrastructure.
5. Limited AI
AJ Abdallat is CEO of Beyond Limits website, an organization that was born from the labs of the Caltech deep space program. He points out that most of the current AI offerings on the market have substantial limits. After all, the machine learning and big data based AI that currently pervade are powerful tools for identifying associations in large quantities of data, but don’t have much on humans in terms of working out the complex phenomena of cause and effect, or to identify modifiable factors that can engender desired outcomes.
As big data and machine learning powered AI’s gains processing power, they can incorporate into their algorithms more and more information, more and more variables that may affect data associations. But with little human intervention, inevitably some variables may display strong correlation by pure chance, with little actual predictive effect.
The practical applications of AI to the IoT include, Smart IoT that connects and optimizing devices, data and the IoT; AI-Enabled Cybersecurity that offers data security encryption and enhanced situational awareness to provide document, data, and network locking using smart distributed data secured by an AI key.
6. Lack of Confidence
Amsterdam, Netherlands-based Gemalto is a cybersecurity firm that has researched the impact of security on the development of the IoT. If found that that 90 percent of consumers lack confidence in the security of Internet of Things devices. This comes as more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security. In fact its recent State of IoT Security research report, released at the end of October showed the following data.
-
96 percent of businesses and 90 percent of consumers believe there should be IoT security regulations
-
54 percent of consumers own an average of four IoT devices, but only 14 percent believe that they are knowledgeable on IoT device security
-
65 percent of consumers are concerned about a hacker controlling their IoT device, while 60 percent are concerned about data being leaked
“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, CTO of Data Protection at Gemalto said in a statement about the report. “Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,” said Hart.
7. Understanding IoT
In 2018, the real issue is how to increase the ability for people to understand the changes and their implications more clearly, and to take concrete actions to take advantage of the potential upside. “The pace of change has exceeded the rate of human capability to absorb — the cup is already full,” said Jeff Kavanaugh, VP and Senior Partner in High Tech & Manufacturing for Infosys website.
Internet of Things is moving into it’s adolescence as connected devices become smarter and more immersive, and expectations to convert IoT data to insights and financial value increase. Also, algorithms and data visualization templates have evolved so that new use cases can take advantage of earlier ones. The exponential adoption of IoT will drive down sensor and acquisition costs, enabling more and more viable business cases that have previously been too expensive.
