Bringing Home the Dangers of IoT

From smarthomes to botnets, the Internet of Things means high stakes in the real world.

The Internet of Things (aka IoT), that fast-proliferating global network of connected devices, presents a vast new world of business opportunities. The application economy requires companies to act fast if they want to stay relevant―and IoT is multiplying that urgency by an order of magnitude. It is also creating an ever-expanding universe of risks that any organization hoping to benefit will need to be very wary of.

Botnets Go Big

Security is obviously a big factor―particularly following the events of October 2016, when a company called Dyn was hit with massive amounts of traffic from a Distributed Denial of Service (DDoS) attack. You might not have heard of it until this story appeared in the news but Dyn manages internet infrastructure for a number of very large properties, including Twitter, Amazon and Netflix.

As investigations took place, we discovered that the Mirai botnet was generating traffic from smart home devices such as printers, IP cameras, residential gateways and baby monitors. These IoT devices had been infected with the Mirai malware―in many cases because they had well-known default usernames and passwords. With an estimated load of 1.2 terabits per second, this was the largest DDoS on record.

Raising the Stakes

It’s not just a matter of increasing the technical potential for wreaking havoc in the virtual world. Keep in mind that IoT is effectively a bridge between the connected, virtual world and the real, physical one. Put it this way: Everyone finds it frustrating when their laptop or phone crashes and anyone who has had their identity stolen can tell you how frustrating and even frightening that can be. But an IoT hack could be a whole lot scarier.

If your car software suddenly malfunctioned at 70mph, that’s a whole different situation―a life-threatening situation. Similarly, there have been a truly frightening number of stories about IoT security breaches in the healthcare sector. Clearly, as software and connectivity get woven deeper into the fabric of our daily lives, the consequences of cybersecurity breaches grow exponentially more serious.

Caution: Business Dangers Ahead

The security risks of IoT are, to an extent, a side-product of the technology’s stage of development. This is an emerging, bleeding-edge paradigm that is both poorly understood and quickly proliferating in worryingly equal measure. That amount of disruption and uncertainty means―from the perspectives of enterprises and consumers alike―investing in any IoT venture is unusually risky.

Look at Revolv’s smarthome hub, a neat piece of gear that centralized control of connected home devices. Revolv was acquired by Nest, which was acquired by Google, which already had products that delivered the same functionality. Consequently, around this time last year, Revolv announced that the hub would cease functioning entirely. Anyone who’d paid $300 for one was simply out of luck. Couldn’t have been much fun for the folks who developed the hub, either.

Real-World Advice

What’s the best way for businesses to react to the coming of IoT? Is the moral of the story here that if you play with fire, you get burned? In a sense, maybe. The point is―don’t just play and don’t go in unprepared. The business opportunities are enormous and to be ignored at your peril because IoT’s increasing ubiquity raises the possibility that it could disrupt your current business model out of existence before you know it.

You need to be in IoT but you need to come armed with tools that will provide the security and flexibility needed to survive in this fast-changing and potentially dangerous new world. This means having an IoT-optimized cybersecurity infrastructure focused on privileged access management and API security. It also means making your business agile from head to toe, so that you’re always ready to pivot as the market evolves.

About the author

Vice President Of Engineering at Apto. Software engineering executive who builds teams and empowers high-performing product development organizations.