The rise of the Internet of Things is causing growing concern about the threat of cyberattacks both at home and in the workplace. This trend has led globally to an increase in insecurity in all consumers of smart devices.

IoT security spending is expected to increase by 30% annually, reaching $6 billion by 2023. Growing business risk and minimum regulatory standards are considered the main drivers of cybersecurity spending.

In parallel with the increase of connected devices, the percentage of collected data that is being stored in different places is increasing.

However, there is still no clear regulation or direction on how to take action against this landscape, so it is considered that it is time for organizations and regulatory bodies to act.

How do security companies raise this moment?

Most security organizations have adapted their services to the new cyber age, which means a focus on potential cyberattacks.

From an IoT perspective, the cybersecurity area is an unknown aspect for users. This results in a danger to the integrity of households or businesses. The more processed data organizations use, the more they are forced to take greater responsibility to ensure the integrity of their information.

Large companies like Qualcomm, Intel, Microsoft or Securithings are pushing robust security technology to the limit. Hybrid service providers are offering some highly promising technology/people-based solutions.

When implementing an IoT security program, there are some practices organizations can perform to avoid difficulties, such as using distributed intelligence, simulating threats, and processing them.

Source: Vector, with its own data
Source: Vector, with its own data

However, even if organizations work to mitigate the highest possible risk, they typically do not do what is necessary to implement a policy of remediation and incident response on time.

Many companies invest millions of dollars in security programs, especially in security event and incident management (SIEM) systems, just to not deploy them to their infrastructure.

When do cyberattacks occur?

Regardless of the barriers companies implement to prevent cyberattacks on IoT devices, the latest research suggests that smart products are often attacked within the first five minutes of being Connected.

In particular, DDoS attacks have continued to increase since their first appearance. The number of such attacks increased globally by 19% last year, compared to the previous year.

For example, institutions such as the UN or the IMF, which have never been interesting to hackers, suffered a 200% increase in the usual cyberattacks.

Because of this uncontrollable increase, users, both individuals and entrepreneurs, say they are willing to pay up to 20% more for a smart device, if it is shown that it has better data protection.

On average, consumers are willing to pay about 10% more for that device. Users are concerned about security and use it as an important factor when deciding on a purchase, however, once they purchase a device, they don’t rush to protect themselves.

In recent times the top 50 attacks recorded, during 2018, come from new IP addresses, which mainly means two things, the number of new hackers has increased and cybercriminals are using new attack systems.

Most of the attacks come from Brazil (18%), followed by China and Japan. At the receiving end is mainly Spain, which suffered 80% of all traffic monitored throughout 2018.

Attacks on the industrial sector

No area is exempt from being able to suffer a cyberattack on its IoT devices, but the industrial sector is one of the most attractive for criminals. The automation of processes and the emergence of connected devices (IIoT) specific to this field together with the lack of standards mentioned above, makes it a sector vulnerable to cyberattacks.

In recent years, manufacturing has suffered more than 368 different cyberattacks. About 90% of these attacks originated with external piracy rather than an internal compromise or misconfiguration, and more importantly, the 86% were custom-designed attacks to penetrate specific companies.

An example of this is what happened in Atlanta in March 2018. As in every city in the developed world, Atlanta and its citizens rely on online services that offer simple applications such as parking, bill pay, court appearances and a mix of local government bureaucracy .

Using a ransomware hacking platform called SamSam, attackers buried theself in the city network to encrypt and retain a set of applications as hostages. With a ransom demand of $51,000 seemingly unsatisfied, the attack ultimately cost the government about $2.6 million.

However, it was not the only attack perpetrated by SamSam, who was blamed for other crimes during 2018, including the City of Newark, the Colorado Department of Transportation, the University of Calgary, and perhaps most worrying of all from a point of view barcelona and San Diego.

On the other hand, the UK figures are also surprising, where more than 1.6% of the companies admit that they are not using any kind of cybersecurity solution to protect themselves, their company or the data they own.

Conclusions

Security standards, or lack thereof in the field of the Internet of Things, has led to a point of no return when it comes to IoT devices. Today, there are more than 8 billion devices deployed worldwide that, for the most part, prioritize the convenience of access to security.

The percentage of vulnerable devices is difficult to calculate, however, the 12 billion new devices by 2020 are expected to have no high security standards in the 12 billion new devices by 2020.

Therefore, organizations should prepare for the impact of new cyberattacks:

  • Crypto-jacking will increase on IoT systems that are good for processing data such as SOHO routers, game consoles and others.
  • Ransomware attacks will grow against IoT systems that control a critical function where the owner is more likely to pay the ransom.
  • Spyware aimed at industrial control systems (could be a foreign confrontation or a collection of friendly data).
  • War attacks targeting critical industrial control systems by national states, including physical attacks and espionage.