Cyber security is essential in preventing harm to the integrity of the electronic devices and services that people and organisations use daily, as well as ensuring the confidentiality of the data stored and transmitted.
Some of these devices and services form the basis of our critical national infrastructure, such as emergency services, communications, transport, defence and utilities.
Cyber security involves the use of processes, technologies and controls for the protection of devices, systems, networks and data from cyber attacks and the ability to recover from these attacks.
The main difference is that IoT devices are more connected to the physical world. There is also a greater number and wider range of types of IoT devices than IT devices. The environments that IoT devices operate in are more diverse than traditional IT systems and could include being in remote areas, exposed to extreme weather or in a situation in which they are vulnerable to tampering.
IoT devices are also procured, used or managed by a wider range of people and are less likely to be maintained and updated with the latest software when compared to IT devices.
While machine-to-machine communications and attacks have been around for decades, IoT is a relatively new term, and the most high-profile cyber attacks have occurred in the last 10 years.
Intentional attacks on IoT devices occur for several reasons, such as:
There is no one profile of individual or organisation that performs IoT attacks. They range from hackers working alone or in small groups through to organised criminal gangs and even nation states engaged in wider espionage activity and/or cyber warfare.
We live in an increasingly hyper-connected world. The introduction of IoT devices significantly increases the surface of connected devices visible to be attacked and thus the exposure to risk.
IoT is therefore a potential route into or to disrupt wider systems, applications and networks, if not adequately protected.
The forecasts for the number of IoT devices varies but the research organisation Gartner predicts that there will be 25 billion IoT devices by 2021.
Bain & Company survey reported that in 2018, 45% of IoT buyers in companies cited security concerns as a factor limiting adoption.
These figures offer an indication of the size of the challenge for both IoT developers and end users.
According to research by Dutch software firm Irdeto, the financial risk to the UK from cyber attacks targeting IoT devices could be approximately £1 billion annually, a figure based on the current average cost per UK business each year of £244,000.
Attacks tend not to be personal or specifically targeted, it’s more often the case that individuals or organisations have known IoT vulnerabilities, making them easy targets to attack