A term explained – «IoT - understanding the threats of the „thing“»

Feb 15, 2018 04:22 PM

Issued by | Stefan Huber | International Security Ligue | ComGroup

The Internet of Things (IoT): the "things" in the name primarily mean devices. Suddenly every "thing" becomes IoT because it can be connected to a network. Primarily, it is hardware that can collect, transmit or analyze data. It can be anything from a camera to a sensor, a router, a chip or virtually any hardware.

In 2017, an estimated 15-20 billion devices are already connected to the net in some way. More and more future devices will be able to interoperate within networks, more specifically intercompany networks that are embedded in specific computing systems.

The number is estimated to double between 2017 and 2020 to approximately 30(*) to 40 billion devices, with an estimated market value of 7 trillion USD. Estimates say that in 2030 about 125 billion devices will be connected. If every device can generate 50-60 concerns (**), imagine what this means for security challenges in IoT today and in the very near future.

One "thing" is the vulnerability of systems and networks through IoT devices used in companies. The other "thing" is when employees use their private devices for company matters. With the ever faster-growing interconnectivity of all kinds of devices, private life and business life will also merge more and more.

This process alone is accelerated by the fact that we use smartphones with all kinds of private and company apps. Think of smart homes, smart cities, intelligent transportation, smart grids and more. Technology becomes available instantly, at our fingertips.

In addition to the foreseen doubling of device "things", further complications arise from the convergence of various technologies, including the ubiquity of wireless communication, real-time analytics, machine learning, artificial intelligence, commodity sensors, and embedded systems.

At this point, we would like to refer to recent articles from Paul Chang of Certis Cisco and Dr. Martin Green of Axis. Paul Chang's strong statement, “You are not secure until you are cyber secure,” means that cyber and physical security are merging more and more into one, and one of the connecting elements is IoT. Martin Green draws attention to the vulnerability of OEM products because neither the trader nor the user knows what is inside; again, it is all about IoT ("Io-thing").

Companies and organizations should pay much more attention to vulnerability risk evaluation, DDoS attack mitigation, and growing bandwidth requirements. Even today, many of them, whether small, medium or large, are utterly unprepared to handle these risks.

These risks must be addressed from the top of the organization. IoT (and IT) risk assessment is an integral part of the overall risk assessment. Board and executive management have to carry out this assessment on a regular basis. It also affects employees' everyday lives (on and off work).

(*) Wikipedia estimates 
(**) HPE Internet of Things Research Study

 
