IoT typically represents a network of physical objects (or “things”) embedded with electronics, software, sensors, and connectivity to enable those objects to exchange data with the manufacturer, operator, cloud and/or other connected devices.
The huge number of devices connected through heterogeneous infrastructures increases the risk of attacks. The potential attack of an IoT infrastructure (network or end devices) generates risks, including loss of control of the application, denial of service, switching off (e.g. smart grid application), user privacy loss, fraud, terrorist attacks… with heavy social consequences such as loss of revenue, liability issues, brand damage, people’s health, job destruction.
When implementing an IoT infrastructure, I recommend conducting a security analysis in order to evaluate the effect of a successful attack and to define the best security solution to be implemented. Hackers or malicious users are motivated by various considerations, such as money, having fun, technical challenge, terrorism, etc. To achieve their goals, they deploy solutions to abuse the functionalities of a device or extract information from it.
Usually, hackers put in perspective the reward of the hack vs. the “cost” and the “risk” of the attack: the time he spent to perform the attack vs the cost of equipment needed to perform the attack (economical barrier). The expertise required to perform the attack is a good example of “cost”. An example of “risk” includes a legal penalty if caught (fine, prison, etc.).
I want to highlight that it’s important to size security according to the consequence of a hack, not to the value of the device itself.
To learn more about Security for Connected Devices, watch our Senior Vice President Martin Bergenwall's latest interview and read the full article :