The Internet of Things (IoT) is quickly changing our relationship with technology. The IoT is a network of physical objects embedded with electronics, software, sensors and the ability to connect within an existing Internet infrastructure. IoT devices can range from smart electricity meters to heart monitoring implants.

Every day, millions of people use connected devices in their homes, at their offices and in public spaces. And the number of connected devices is rapidly growing. Gartner estimates that there will be nearly 25 billion connected devices by 2020. As the market expands and new kinds of connected devices proliferate, the IoT will influence both daily life and business operations in more and more profound ways.

But is the total adoption of the IoT necessarily a safe decision for enterprises? For heavily regulated industries, such as government and finance, the Internet of Things can expose organizations to significant risks from thingbots, botnets and data hacking. People today are like an ever-expanding data cluster, and the information they manage and exchange with coworkers, businesses and loved ones needs to be properly protected to prevent serious privacy and security issues.

Risks of the Internet of Things

Malware-based attacks represent a significant threat to IoT devices. Leading security firms have recently spotted several strains of malware developed specifically to infect IoT devices and modify their behavior. A botnet composed of infected IoT devices, also known as thingbots, could be used to send spam messages or to target a service, flooding it with an unexpected amount of requests and blocking it from being used (DDoS attack). In a typical attack scenario, a bad actor exploits a vulnerability in the device, or in its configuration, that blocks its operations.

Data breaches are also among the most serious Internet of Things risks. A threat actor could spy on the communication within networks of IoT devices in order to gather sensitive information about individuals and organizations. It is important to also consider accidental breaches that could expose sensitive information managed by IoT devices due to incorrect settings within the smart objects. For example, a government official’s smartphone could broadcast its location or other sensitive information due to incorrect configuration of a mobile app.

Many IoT devices lack security features by design, which could open the door for hackers to infiltrate these objects and compromise the host network. In a 2015 study from Veracode, researchers found that some consumer IoT devices demonstrated security vulnerabilities that could offer a potential pathway for theft of sensitive data or even stalking.

Securing the Internet of Things

In order to mitigate the risks of the IoT, it is important to carefully assess security. Large IT organizations are looking with great interest at the benefits of the Internet of Things, and they’re making sizable investments to improve the security and usability of IoT devices. During his keynote address at CES in 2015, BK Yoon, president and CEO of Samsung Electronics, stressed the fundamental importance of security. “IoT must be secure. Security must be baked into hardware and software at every level,” he stated. “Our whole industry must work closely together to make that happen.”

Two critical approaches for mitigating the risks of the Internet of Things are the adoption of coding best practices and Public Key Infrastructure (PKI) solutions. The use of coding best practices increases the software’s resilience to cyber attacks and establishes fault-tolerance procedures in case of an incident. The adoption of PKI solutions allows IoT devices to communicate securely by ensuring mutual authentication between devices. At the same time, the encryption capabilities can allow personal information to be transmitted securely without the risk of being hacked. In addition, PKI solutions prevent malicious code from altering the software running on the IoT devices by digitally signing the source code, which means that any alteration caused by malware will be detected.
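The signing check described above, as an added example that is not part of the original article: a vendor root CA issues a signing certificate, a firmware image is signed, and the device side accepts the image only if the certificate chains to its pinned root and the signature matches. The CA and signer names, file names and image contents are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: vendor root CA -> signing certificate -> signed firmware image.
# Every name and file below is constructed for illustration.

# make_pki DIR: create a root CA and a firmware-signing certificate issued by it.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Vendor Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Firmware Signer" \
        -keyout "$d/signer.key" -out "$d/signer.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/signer.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signer.crt" 2>/dev/null
}

# sign_image DIR IMAGE: vendor side, writes a detached signature to IMAGE.sig.
sign_image() {
    openssl dgst -sha256 -sign "$1/signer.key" -out "$2.sig" "$2"
}

# verify_image DIR IMAGE: device side. The device trusts only ca.crt.
# Step 1: the signer certificate must chain to the pinned root.
# Step 2: the signature must match the image bytes under the signer's key.
verify_image() {
    openssl verify -CAfile "$1/ca.crt" "$1/signer.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/signer.crt" -pubkey -noout > "$1/signer.pub" 2>/dev/null \
        || return 1
    openssl dgst -sha256 -verify "$1/signer.pub" -signature "$2.sig" "$2" \
        >/dev/null 2>&1
}

# demo: sign a constructed image, verify it, alter it, verify again.
demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    printf 'constructed firmware v1.0\n' > "$d/firmware.bin"
    sign_image "$d" "$d/firmware.bin" || { rm -rf "$d"; return 1; }
    if verify_image "$d" "$d/firmware.bin"; then r1=accepted; else r1=rejected; fi
    printf 'extra bytes' >> "$d/firmware.bin"   # stand-in for an altered image
    if verify_image "$d" "$d/firmware.bin"; then r2=accepted; else r2=rejected; fi
    rm -rf "$d"
    echo "original=$r1 modified=$r2"
}

demo
```

On a real device the root certificate and the verification routine must sit in storage the running firmware cannot rewrite, otherwise the check can be replaced along with the image.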

The Business of the Internet of Things

During his CES keynote, Yoon announced that Samsung will strongly invest in a new generation of open IoT devices that will be designed to improve connectivity and security among peer devices. “Without this kind of openness, there won’t be an Internet of Things because the things will not fit together,” Yoon explained. “People say they want to create a single operating system for IoT, but these people only work with their own devices. We can deliver the benefits of IoT only if all sensors can talk to each other.”

In 2014, Samsung sold 665 million devices, the majority of which participate in the IoT ecosystem. By 2019, Samsung predicts that 100 percent of its devices will use the IoT ecosystem. Smart digital signage, smartphones and wearables, among a host of other Internet-connected devices produced by the company, will be designed to reduce IoT risks and improve connectivity.

Aligned with this vision for the IoT, Samsung acquired SmartThings, a leading developer of smart home hub technology. SmartThings continues to develop its market leadership as part of the Samsung Open Innovation Center (OIC).

The IoT presents an incredible opportunity for forward-looking businesses. However, the importance of privacy and security must not be underestimated when it comes to IoT devices. The risks of the IoT must be addressed urgently, and vendors must adopt a security-by-design approach that can mitigate these threats.

Posts By

Pierluigi Paganini

Pierluigi Paganini is the chief information security officer at Bit4Id, member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, ECIPS, Cyber Threat Intelligence Network (CTIN), (ISC)2 Italy Chapter and CLUSIT. He is a security evangelist, security analyst, freelance writer and editor-in-chief at "Cyber Defense Magazine." Follow him on Twitter: @securityaffairs.