Many Smart Device Cybersecurity Questions Remain Unanswered
When a botnet of IoT devices infected with the Mirai malware brought down much of the internet for a brief period in October, the security of smart devices was thrust firmly into the spotlight. This DDoS attack instructed simple devices to carry out simple tasks, but the collective effect of their actions led to complete chaos.
Unfortunately, it can be quite difficult to prevent this type of attack. Even cloud services that provide burst capacity cannot stand up to such large-scale attacks. It doesn’t matter what measures are put in place – attackers will find a way to overcome them.
Cost-conscious manufacturers are always looking for ways to save money, which leaves little incentive for them to invest in more bulletproof ways to secure their devices. It’s hard to blame them; many customers make buying decisions based on price and it’s hard for them to justify spending extra on security benefits they can’t fully grasp and that don’t even usually benefit them directly.
Complex Problems, Complex Solutions
Once a company has made millions of a particular device and consumers have put them into operation, what happens when someone finds a security vulnerability? Issuing a recall is tricky, and asking all of those consumers to ship the devices back is out of the question, particularly when the device in question is, say, a light fixture. A software update can only help if all of the device owners take the step of installing it – and if they all do it at the same time, that can pose a different set of problems.
Hackers are a lot more sophisticated than the automated defense systems that govern these networks. That is why a combined approach of automated network behavior analysis and human experts who can direct the network to respond resiliently is needed. That way, the malicious loads can be isolated without shutting the entire network down.