2016 Security Predictions: #2 – IoT will gain notoriety as both an attack target and an attack source
With the continued rapid growth in the Internet of Things (IoT), we expect to see an increase in both the number and severity of active exploits of connected devices. Analysts predict that there will be over 5 billion connected “things” by the end of 2016, and as the number of devices leveraging personal information grows, we’ll start hearing about exploits targeting consumer-oriented IoT devices. This will lead to more vocal advocacy for consumer protection through government regulation, or more likely, industry-driven mandates similar to those defined by Payment Card Industry Data Security Standard (PCI DSS).
IoT-specific threats are exacerbated by a number of factors:
- The number of connected “things” is outpacing the ability to secure them.
- Many devices have little to no security built in.
- There is no formalized process for securing IoT devices.
- An increasing number of devices provide access to personal information.
- Meeting demand for capabilities will continue to be a higher priority than security.
For those looking for more information about IoT threats and mitigation, resources are available. The OWASP Internet of Things Project has identified the top attack surface areas of vulnerability for IoT devices and has issued the following recommendations, as well as specific guidance for testing and security to manufacturers. They also recommend that consumers take the following steps to protect themselves from IoT-related threats.