Apparently there is nothing that can’t be connected to the internet: from kettles to parking meters and even pacemakers. Gartner estimates there will be more than 8 billion devices in the internet of things (IoT) by the end of this year.
But the corollary is that everything that can be connected to the internet can also be hacked. In fact, attacks on IoT devices were up 280% in the first part of 2017 and Gartner anticipates that a third of all cyber attacks will target shadow IT and IoT devices by 2020.
Very often, IoT devices are manufactured with little or no security controls and are all Wi-Fi- and Bluetooth-enabled; they are designed to connect immediately, which means that they are constantly in communication, capable of spreading malware that hops from system to system with no human interaction.
An example is what happened on August 2016, when the Mirai botnet attack targeted Internet recording devices to create one of the largest DDoS attacks in history, taking down giants like Twitter and Netflix.
Therefore, securing the massive number of IoT devices will represent one of our biggest challenges in the future.
AI: An Esssential Part of DefensesWhat’s our defense plan? One resource to help create guidelines and drive the requirements for businesses to follow is the Open Web Application Security Project (OWASP), which lays out cybersecurity suggestions in its IoT Attack Surface Areas Project.
However, the huge number of IoT devices makes it nearly impossible for current security solutions and understaffed IT and security teams to manually identify and stop risky activity. In order to identify devices and behaviour patterns that represent a threat, the entire cybersecurity system must evolve and must be intelligent enough to identify all connected devices and the vulnerabilities they introduce, approve and deny access to networks and systems, and learn from constantly evolving conditions to become more effective over time.
This is why artificial intelligence (AI) will become paramount in the fight against cyber crime in the IoT era. Only AI will be able to make sense of the huge amount of data required to correlate events and detect abnormal behaviors. As FICO's chief analytics officer, Scott Zoldi, said over a year ago, it's time to get real about IoT security.