The Internet of Things is riddled with security challenges. Cybercriminals know this too, and have often been quicker to take advantage of vulnerabilities than we have been to fix them. For instance, according to Fortinet’s Threat Landscape Report for the second quarter of 2017, 90% of organizations recorded attacks that targeted system and device vulnerabilities that were at least three years old, even though updates and patches had long been available. It’s even more alarming that 60% of organizations reported attacks aimed at vulnerabilities that were 10 or more years old.
Today, the billions of online IoT devices present an even more daunting challenge because they generally don’t receive the level of control, visibility, and protection that traditional systems receive. Coupled with widespread automation-based attacks, the potential for damage is even greater. Recent developments, outlined below, reveal why it’s time to take IoT security seriously.
Smart to Smarter2016’s Mirai malware was the first IoT botnet to lead to an unprecedentedly massive distributed denial-of-service attack. And this year brought us new generations of IoT-based attacks, like Hajime and Poison Ivy, that have multiple toolkits built into them.