Cyber security for IoT explained

An overview of IoT cyber security

What is cyber security for IoT?

Cyber security is essential in preventing harm to the integrity of the electronic devices and services that people and organisations use daily, as well as ensuring the confidentiality of the data stored and transmitted.

Some of these devices and services form the basis of our critical national infrastructure, such as emergency services, communications, transport, defence and utilities.

Cyber security involves the use of processes, technologies and controls for the protection of devices, systems, networks and data from cyber attacks and the ability to recover from these attacks.

How is IoT cyber security different to IT cyber security?

The main difference is that IoT devices are more connected to the physical world. There is also a greater number and wider range of types of IoT devices than IT devices. The environments that IoT devices operate in are more diverse than traditional IT systems and could include being in remote areas, exposed to extreme weather or in a situation in which they are vulnerable to tampering.

IoT devices are also procured, used or managed by a wider range of people and are less likely to be maintained and updated with the latest software when compared to IT devices.

While machine-to-machine communications and attacks have been around for decades, IoT is a relatively new term, and the most high-profile cyber attacks have occurred in the last 10 years.

Why do intentional IoT cyber attacks take place?

Intentional attacks on IoT devices occur for several reasons, such as:

Financial gain – a primary motivation for attacks is either stealing information to sell or holding it for extortion or ransom.
Preventing or limiting ability to operate – possibly motivated by revenge, differing beliefs, terrorism, activism or an attempt to damage competitors financially or reputationally. These could be attacks to temporarily disrupt services or actions which could lead to permanent physical damage to devices or result in injury to users.
Curiosity and challenge – while some attacks may be financially motivated, others are driven by an interest in technology, the challenge presented and the ability to brag and boast about hacking activities.

Who commits cyber attacks?

There is no one profile of individual or organisation that performs IoT attacks. They range from hackers working alone or in small groups through to organised criminal gangs and even nation states engaged in wider espionage activity and/or cyber warfare.

How big a problem is an IoT cyber attack?

We live in an increasingly hyper-connected world. The introduction of IoT devices significantly increases the surface of connected devices visible to be attacked and thus the exposure to risk.

IoT is therefore a potential route into or to disrupt wider systems, applications and networks, if not adequately protected.

The forecasts for the number of IoT devices varies but the research organisation Gartner predicts that there will be 25 billion IoT devices by 2021.

Bain & Company survey reported that in 2018, 45% of IoT buyers in companies cited security concerns as a factor limiting adoption.

These figures offer an indication of the size of the challenge for both IoT developers and end users.

According to research by Dutch software firm Irdeto, the financial risk to the UK from cyber attacks targeting IoT devices could be approximately £1 billion annually, a figure based on the current average cost per UK business each year of £244,000.

Attacks tend not to be personal or specifically targeted, it’s more often the case that individuals or organisations have known IoT vulnerabilities, making them easy targets to attack

Take a look at organisations we have worked with

If you would like to find out more about our work with businesses of all sizes, public sector bodies and universities, we have highlighted some of the challenges we have faced together with our clients.

View our projects Let's talk