Government Agencies and Hospitals Face Increasing Risk of IoT-Powered Cyberattacks

If you paid even the slightest attention to tech media and conferences in 2016, you heard how the Internet of Things (IoT) is the next big thing. While there’s hype surrounding the tremendous opportunity the IoT offers, there are still hazards that have yet to be properly addressed. The biggest concern — safety — is a thorny topic with which enterprises are still grappling. For example, 2016’s DDoS attack on Dyn that took down several major websites such as Twitter was caused by a bot army of unsecured IoT devices. This attack is only the tip of the iceberg, and in 2017 we should expect more of the same, but websites and companies won’t be the only targets. Unless manufacturers and users of connected devices get serious about security, we will see these attacks evolve this year. I believe that there’s a significant chance these attacks could extend to major government institutions and hospitals.

Why these attacks are coming

According to a study from HP, 70 percent of IoT devices are currently vulnerable to an attack. While both manufacturers and their customers are certainly working to reduce that figure, a significant number of IoT devices will still be unprotected in 2017. Additionally, Gartner predicts over 20 billion IoT devices by 2020. Let’s say that in the next three years the share of secure IoT devices doubles, which means that only 40 percent will be insecure. Applied to Gartner’s estimate, that leaves a total of 8 billion devices free to be enlisted in a hacker’s arsenal by then: roughly equivalent to the population of the Earth. That security risk is beyond anything we’ve currently seen in the realm of cybersecurity.

The risk isn’t necessarily coming from the sophistication of attacks but from the poor security practices of IoT users. Bad practices, such as leaving in place the default usernames and passwords that are supposed to be used only for setup and then changed, are making it easy for attackers to take those devices and use them as botnets. Companies aren’t doing much to stop this or other potential sources of breaches. A study showed over 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, and a stunning 98 percent of the most vulnerable executives have…