Today, there are more electronic devices than humans on the planet. According to an estimate by Gartner, there will be 20.4 billion connected devices till 2020. IoT devices range from intelligent refrigerators that can order vegetables from grocery shops to smart cars that can intimate the nearest gas station. IoT technology has also found many uses in diverse fields that have played a significant role in improving efficiency and increasing profits. But it has its associated risks. In 2019, 69% of organizations suffered a data breach due to an insider threat.
IoT devices, no matter how useful and productive they might be, are prone to cyber-attacks. They provide very little security and are easily hacked. Many of them cannot update to the latest version that provides enough leeway to cybercriminals to steal business-critical data. Indian IT companies have been bearing the brunt of cybercrimes for decades, and the situation has been worsening. A recent survey has shown that Indian organizations have had to pay ₹8.02 crore on average to rectify the impact of ransomware attacks. The criticality of the situation can be understood from the fact that only 8% of Indian companies have been able to counter cyber-attacks compared to 24% at the global level.
As more and more industries adopt IoT to cut down costs and bring speed to operations, cyberattacks will only increase. According to recent estimates, by 2020, 25% of cyber attacks will be on IoT devices. Thus, it wouldn’t be unfair to say that those managers and leaders handling the new age security challenges in the old way are destined to doom. These problems need to be looked at with a fresh perspective and handled with contemporary technology.
1. Security training isn’t foolproof
In the wake of increasing cybercrimes, companies are investing heavily in security training. Employees are given a list of the Dos and Don’ts while operating and transacting through online means. They are also told what is ethical and what is not during these sessions. However, no matter how well-trained humans get in handling cybersecurity issues, they can never match the efficiency of a computer run algorithm. Humans are prone to making errors, and it’s completely natural because that’s the way we learn from our mistakes. But unfortunately, a single mistake or little negligence from our side is enough for an analytical machine to find loopholes and perform cyber theft.
Besides, security trainings do not have much to boast about. Recent reports suggest that about 80% of employees who have completed the training are susceptible to being phished.
2. IoT devices can be compromised easily
The proliferation of IoT devices is happening at a fast pace. They have spread to critical institutions such as hospitals, manufacturing facilities, offices, police stations, fire stations, and power plants and are also finding a place in our homes. Surveys indicate that 72% of people who own a voice-activated speaker say it’s an integral part of their daily lives. The picture becomes more haunting when we learn that 25% of people keep their voice-activated speakers in their bedrooms. Due to their immense benefits, people are beginning to oversee the security lapses and data compromises that come with such devices.
IoT enabled devices have inbuilt Wi-Fi and Bluetooth functionalities that allow them to connect with other devices instantly. It helps to collaborate remotely, share data within seconds, and enables teams to brainstorm and work simultaneously on a single project. But it also allows data security issues to arise. Gartner had predicted in 2016 that 30% of web browsing sessions in 2020 would be done without a screen. But what it didn’t forecast was the amount of data security challenges it will bring with itself.
For example, Amazon echo, an IoT device that works on voice technology, is ruling the charts. It has changed the way customers buy things online. Users no longer have to visit the Amazon website through their laptops or mobile phones. Instead, they can order easily from their echo device through their voice. But we fail to realize the hidden challenges in such technologies. These devices are made with very little regulatory control and can be manhandled easily.
3. Change your perspective on cyber crimes
It’s high time for managers to understand that cybersecurity is not an issue that humans can manage entirely. Instead, it has more to do with the relationship between IoT devices and the ERP system that controls all your business activities. Cybersecurity issues can arise and replicate across all interconnected devices at a fast pace. Your people — employees, customers, vendors — have no choice but to fall prey to them. It doesn’t mean that you should abandon security training sessions for your employees, but it indicates that the real solution to the problem is elsewhere. Contemporary security measures fall short of providing the necessary shield. Security analysts cannot control the vast swathes of attacks that happen regularly and the volume of vulnerabilities that your security systems are exposed to. It is seen that even after taking due precautions, IoT attack vectors such as KRACK and BlueBorne can infect devices easily and quickly. Companies need to adopt new ways to counter cybersecurity issues.
4. Invest in intelligent systems
We have realized that system analysts and contemporary security systems fall short of providing 360-degree protection against cybercrimes. Untrained and understaffed IT security personnel cannot monitor hundreds of interconnected devices all the time. You require intelligent systems to monitor, send alerts, and take necessary action against them. These work on algorithms that can identify devices or patterns that may pose risks, beforehand, and filter them from the system immediately.
There have been ample cases where electronic devices such as laptops, tablets, speakers had been found to transmit data surreptitiously to unknown locations. From the outside, it’s impossible for humans to judge which device has been compromised and which hasn’t. Also, current security systems don’t possess the ability to identify and stop malicious software from spreading to all the interconnected devices.
Intelligent systems, on the other hand, can identify suspicious behaviour in relatively less time and take the required action. They are much better than anti-phishing technologies that cannot identify and block attacks on their own.
Businesses of today and the future are going to face cyber attacks of different magnitudes. Companies must unburden their employees from the duty of fighting against every cybercrime that comes their way. Modern security tech doesn’t stand a chance against more significant and complicated data breaches. The stakes are higher than ever to protect your systems, and the emergence of billions of IoT devices has only complicated the matter further. It is high time that businesses realize the importance of intelligent systems over traditional security systems to move towards a brighter, smarter, and secure future.