Go beyond the FBI recommendations to secure future of IoT, say the experts

January 8, 2020

Posted by: Anasia D'mello

Itsik Harpaz of Essence-SigmaDots

Millions of IoT devices have been purchased during the holidays. Between gifts and sales, consumers acquire a myriad new of Internet of Things (IoT) devices ranging from smart speakers to home assistants.

This, says Itsik Harpaz, CEO of Essence-SigmaDots, provides cybercriminals with a golden opportunity for launching attacks. Each new device gives a hacker another access point to sensitive data stored on networks. To make matters worse, many less-expensive devices have particularly poor security.

With the number of IoT devices on the rise, we increasingly see IoT networks threatened by sophisticated cyberattacks. As more devices enter the market, the number of potential access points for hackers increases. 2019 has seen the rapid expansion of the IoT market, this is likely to continue in 2020. Gartner predicts that the market will grow to 5.8 billion IoT endpoints in 2020. Although this increase has the potential to improve consumers’ lives, it also represents new challenges for the IoT industry.

Warning from Kaspersky

Kaspersky vividly demonstrated the scale of the problem in a recent experiment that measured the number of cyberattacks that take place on IoT networks. Deploying 50 honeypots around the world, they registered 20,000 infected sessions every 15 minutes. In the first half of 2019, this came to 105 million attacks, originating with 276,000 unique IP addresses.

This is a startling rise from the year before, when 12 million attacks took place, originating with 69,000 IP addresses. In short, the IoT industry faces a crisis if it fails to respond to the risks posed by cyberattacks.

In light of the alarming rise in cyberattacks using IoT devices, the FBI recently suggested that consumers protect their data and privacy by putting their IoT devices on a separate network from their phones and computers.

IoT users need to do more

Although the FBI statement is a step in the right direction, it is not a solution. It fails to appreciate the practical difficulties, expense, and complexity that an independent IoT network would cause for those of us running our homes and businesses with IoT.

IoT security is a difficult problem to solve; there are no standards, and many devices lack the capacity to use traditional cybersecurity approaches. The problem is compounded by the fact that it takes only one weak link to allow a hacker into your network. As was widely reported recently, this can be as small as a smart lightbulb. Once inside, a hacker has access to your home network, including data stored on computers and mobile devices. Photos, text messages and videos are all up for grabs.

Decentralise key network functions

At Sigmadots we found that, by decentralising key network functions, we are able to secure the entire IoT network using blockchain-like methodology; every node in the network plays a role in securing the entire network. Even the role of the messaging broker is decentralised, eliminating a central point of attack. Using this approach, increasing the number of devices actually increases the level of network security; thus turning a major weakness into a strength.

Decentralised security means that each and every node in an IoT network plays a role in securing the entire network. Consequently, it would take an attack on many nodes simultaneously in order to compromise the entire system. If the power has traditionally been with the hackers, this new approach tips the balance the other way, towards IoT manufacturers and users. The odds are now stacked against the hackers – the system prevents an attack on the network even if individual nodes are attacked.

A decentralised cybersecurity approach addresses both the limitations of IoT devices and the demands of IoT consumers and manufacturers. Unlike other suggested approaches, it provides a high level of cyber-protection without introducing additional operational complexity. Certainly, the IoT industry must continue to evolve and adapt to new challenges, however the decentralised approach can go a long way in making IoT networks more secure today.

The author is Itsik Harpaz, CEO, Essence-SigmaDots

Comment on this article below or via Twitter @IoTGN