Nearly every day costly and invasive cyberattacks are making headlines, and recently these have included attacks on Internet of Things (IoT) solutions. IoT device breaches like the recent attack on Amazon’s Ring devices in four states left victims shocked as hackers shouted racial slurs, demanded ransom, yelled at children and terrified families. These breaches aren’t isolated to Ring devices with countless other hacking events in deployments including Smart Cities, connected cars and healthcare making headlines over recent months.
While IoT provides immense opportunities for cost savings and efficiencies, breaches like these show the need for companies to strengthen their security efforts especially as they continue to add new devices. The IoT market is expected to grow from 27 billion devices in 2017 to 125 billion in 2030; however, 48 percent of companies that use IoT devices in the workplace don’t have mechanisms in place to detect when their devices are hacked, highlighting the need to prioritize adoption of IoT-specific security measures. This is imperative for not only preventing breaches but ensuring organizations are prepared to securely deploy IoT solutions at the breakneck speed forecasted by many industry analysts.
IoT devices have vulnerabilities that traditional information technology (IT) systems don’t have. These vulnerabilities are not always well understood and often they are not properly addressed during installation. Additionally, the desire to immediately reap the benefits of IoT devices can often mean using a device without first implementing the appropriate security measures.
Sensors, WiFi and Bluetooth are essential components of IoT devices, but also pose unique security challenges. Sensors capture enormous amounts of data but this data often is outside the existing scope of information the device was stated to capture. As a result, hackers have access to data that a device owner is not aware is being captured. Safety can be compromised if sensors are hacked that have the ability to alter other aspects of physical systems. Network protocols like Bluetooth and WiFi have well publicized vulnerabilities as they give access to systems that once were only accessed locally. This creates privacy risks and also makes it more difficult to make assumption about the security of on-board information processing and interactions with other systems such as heating, door locks, camera, etc.
IoT security is the responsibility of both manufacturers and device owners, and each party responsible needs to be keenly interested in identifying and protecting devices from threats. This requires a shared understanding of responsibilities and the expectation that both parties will do their part to continue to enhance security efforts and put appropriate protocols in place.
IoT cyberattacks by the numbers
IoT vulnerabilities by industry
Across the IoT landscape, different industries have gravitated toward IoT offerings that align with their business needs which also means that there are different risk factors, points of entry and hacker motives. While the top motive for executing a breach is financial, a slew of reasons ranging from espionage, fun, convenience and grudges are other factors.
The top breach types by industry
Protecting against a breach
Standard cybersecurity solutions are not, in our view, sufficient for securing IoT deployments. The unique attributes of a system with hundreds or thousands of sensors, dozens of access points (radios, nodes on the network) and many, many unique users means the most effective IoT security solutions will be built from the ground up with IoT as the purpose. A completely new approach to securing devices is needed that goes beyond passwords and phishing credentials. Leading companies and emerging innovators are forging new cyber security paths for the IoT.
KPMG Corporate Finance LLC has deep advisory expertise in IoT and has invested significantly in understanding who is leading in IoT cybersecurity. As a leading M&A advisor on IoT capabilities, we are aware of the latest trends and challenges in this space. We welcome the opportunity to speak with you about the strategic landscape in IoT and cybersecurity.