The IoT Threat Landscape

As technology continues to pervade modern-day society, security and trust have become significant concerns. This is particularly due to the plethora of cyber attacks that target organizations, governments and society.

The traditional approach to address such challenges has been to conduct cybersecurity risk assessments that seek to identify critical assets, the threats they face, the likelihood of a successful attack and the harm that may be caused.

Through this methodology, the identified risks are being prioritized to be able to select the appropriate strategies to effectively mitigate them.

The Internet of Things (IoT) is set to benefit the quality and efficiency of products and services in smart grid, manufacturing, retail, critical infrastructure and more. According to Forbes, the market for industrial IoT (IIoT) alone is projected to hit $123 billion by 2021. The main challenge behind the explosion of IoT is the devices’ diversity in terms of scale, connectivity and heterogeneity. Not to mention the fact that IoT devices are assumed to be not secure.

The main reason behind this is that manufacturers of connected devices, as well as the industries that use them, often engage these devices without proper cybersecurity awareness. Many organizations are not aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology devices do.

These devices are computer systems with hardware components as well as operating systems and applications within their firmware that often feature communication interfaces to the outside world.

The United States Government Accountability Office has provided an assessment of the status and security issues surrounding the IoT and has identified the following type of attacks as primary threats to IoT:

  • Denial of Service
  • Malware
  • Passive Wiretapping
  • Structured query language injection (SQLi (Read more...)