The Internet of Things or IoT, as many of us famously call it, is considered as one of the few emerging technologies that has the potential of changing the way the entire world works. Gartner predicts that there will be about 8.4 billion connected devices by the end of this year, a figure which is up by a whopping 31% in 2016. In fact, according to a report by F5 Networks, this figure will rise to reach 20.4 billion by 2020 .
While there are people excited about the rise of IoT and its devices, there are others who are a little overwhelmed thinking about the havoc that can be created if botnet building attackers end up choosing unregulated IoT devices as their cyber weapon delivery system of choice.
According to the report by the American firm, while Spain comes at the top with 25.5 million attacks, the Indian subcontinent occupies the second position globally in the top 20 attack source countries of 2017.
The F5 Networks report highlighted that 83 per cent of all the attacks originated from Spain and 93 percent of these attacks happened between January and February. Apart from Spain and India, other countries that made an appearance on the list by contributing to the attacks included Russia, South Korea and Seychelles. However, interestingly, India’s neighbour and arch rival China has worked hard at diluting its contribution in the attacks this time when compared to previous years.
Apart from attack vectors originating from the Indian subcontinent, the report also highlighted the presence of Persirai-infected IP cameras across the country.
For the uninitiated, Persirai is a malware which attacks IP cameras with DDoS attacks.
Headquartered in Seattle, Washington, F5 Networks specializes in application delivery networking (ADN) technology for the delivery of web applications and the security, performance, availability of servers, data storage devices, and other network and cloud resources.
Disappointingly, IoT devices are vulnerable to attacks because they’re dependent on wireless communication which is unprotected most of the time and the devices still have very little computing power.
Talking to ETtech over telephone, David Holmes, Principal Threat Research Evangelist, F5 Labs, threw some light on IoT products and security. He revealed, that most of the IoT products are designed without taking security into consideration. They usually work on old un-patched operating systems with default passwords on devices which are never changed and have multiple points of vulnerability. Furthermore, most of these IoT devices are being made available through Telnet and can be easily hacked due to lack of high security controls.
According to a comprehensive economic study done by the consulting firm, McKinsey and Company, about IoT’s much talked about economic potential benefits, it was revealed that the total economic benefit of IoT in the year 2025 could hit anywhere between $3.9 trillion to $11.1 trillion, with the high estimate equivalent of 11 percent of world GDP in 2025. However, if the attacks keep happening the way they are right now, meeting these figures seems like a far-fetched dreams.
According to industry experts, while IoT will lead to a huge explosion of data, but the innovators are still not giving that much importance to the security side of this as they should. It was only last year that a distributed denial-of-service (DDoS) attack had forced a temporarily taken down of some of the most popular websites including Twitter and Netflix. This particular incident send out a panic wave across the industry with almost 90% of developers believing that IoT products do not have the necessary security in place and 85% admitting that they have rushed an IoT application to the market despite knowing about security concerns.
Last year, Mirai, the malware, had single-handedly caused one of the worst distributed denial of service (DDoS) cyberattacks that the world had experienced in the last few years, and had managed to spread and infect internet-connected devices in over 177 countries all around the world.
When it comes to cyber security, India doesn’t have the best of reputation. According to a recent IBM study conducted by Ponemon Institute, while the average cost of a data breach in 2017 decreased by 10 per cent globally when compared to the 2016 figure, but for the Indian enterprises, it grew by 12.3 percent from Rs 97.3 million in 2016 to Rs 110 million in 2017.
Elaborating on the findings of the IBM study, John Shier, Senior Security Expert at the Abingdon, UK-headquartered Sophos, did an interview with IANS and said, “India has well-trained, well-educated and capable IT people. The country has got access to all the tools it needs to secure its systems. Yet, in the case of a big cyber attack, India is still unprepared.”
This development was first reported in ETtech.