Mitigating the risks of massive IOT

Described as a global phenomenon, the arrival of massive IOT is said to mark a turning point in the development of IOT technology.
Paul Stuttard
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 07 Sept 2023
Paul Stuttard, director, Duxbury Networking.
Paul Stuttard, director, Duxbury Networking.

While the internet of things (IOT) has gained attention as an emerging technology − due to its potential to revolutionise industries such as healthcare, agriculture and transportation − the steady integration of IOT devices into corporate networks has brought about a number of benefits, including improved operational efficiency and data-driven insights.

For example, IOT sensors are used to monitor and optimise the use of resources in buildings, such as energy use, air quality and occupancy. And IOT devices are used in supply chain management to track the location and movement of goods and assets. This has increased supply chain efficiency and lowered the risk of theft or loss.

Additionally, IOT sensors are used to continuously check and maintain machinery and equipment. This helps to increase productivity and decrease downtime.

However, as with any emerging technology, there are also challenges to take into account. According to Beecham Research, during the next few years the scale of individual IOT deployments is projected to increase significantly.

This growth, which is expected to characterise most IOT deployments, will be supported by the advent of massive IOT (MIOT).

This refers to the IOT on an unprecedented scale. Described as a "global phenomenon", its arrival is said to mark a turning point in the development of IOT technology by harnessing the power of numerous sensors, connectivity and data processing to enable a wide range of cutting-edge applications and services.

Undoubtedly, it will be challenging to properly manage and maintain large numbers of MIOT devices.

MIOT will be underpinned by developments in LoRa wireless audio frequency technology, satellite connectivity and – significantly − the spread of 5G networks, which are estimated to accommodate about one million IOT devices per square kilometre.

In South Africa, mobile network providers are continuously growing their 5G networks, with the technology now available through operators in most of the country's major metros.

So, what challenges will MIOT bring, and how can they be met?

According to acclaimed technology author Camille Campbell, there is no question that organisations will gain a sizable amount of value from the advancement of connected technologies such as IOT, as they will contribute to improvements in the customer experience and drive efficiency.

However, she notes that with most rewards come risk. And the introduction of MIOT in the corporate arena will introduce several significant risks that organisations need to address to ensure the security and stability of their networks.

For example, MIOT entails linking a sizable number of devices − possibly billions − together. These gadgets may consist of sensors, actuators, wearables, machinery, vehicles and more. The vast number of linked devices in a MIOT network creates opportunities as well as threats that must be mitigated.

Importantly, MIOT-facilitated entry points to the corporate network raise significant security and privacy concerns, as they could expand the potential for cyber attacks.

In addition, weak passwords, outdated firmware and a lack of encryption might make entire MIOT networks more susceptible to attacks. Therefore, it is essential to make sure access control, authentication and encryption are all exceptionally strong.

Undoubtedly, it will be challenging to properly manage and maintain large numbers of MIOT devices. It could be difficult to track and update devices which may contain obsolete or unpatched firmware, thus increasing the risk of vulnerabilities.

By the same token, it may be possible for cyber criminals to introduce unauthorised or unmanaged IOT devices (shadow IOT) into a MIOT network by eluding out-of-date corporate security mechanisms.

Similarly, the sheer number of MIOT devices connected to a corporate network could tax its resources and cause congestion, which would impair the functionality of crucial systems and applications.

In a corporate setting, IOT devices may be in charge of thousands of physical systems, including those that regulate access, the climate and security cameras. Without effective centralised control and monitoring, attackers may use these systems to obtain unauthorised access if they are compromised.

Because MIOT devices are so widely networked, a compromise of one device might potentially result in a broader network breach, or lateral movement throughout the network.

MIOT devices produce vast amounts of data, which makes data administration, storage and analysis difficult. It will be necessary to use sophisticated machine learning and data analytics techniques in order to extract useful insights from the collected data.

A potential lack of standardised security protocols across IOT devices in a MIOT application could make it challenging to implement consistent security measures and may result in security gaps.

The risk exists that armies of botnets could use compromised MIOT devices to perform distributed denial of service attacks, flooding networks and causing service disruptions.

Therefore, to support the new era of MIOT, network infrastructures will need to be scalable, reliable and capable of handling massive increases in data traffic.

In this light, organisations and technology providers need to work together and collectively adopt a robust approach to security, which includes implementing strong authentication and encryption mechanisms together with the segmentation of networks, devices and important data, to make it harder for hackers to reach their targets.

It is important to conduct thorough risk assessments and vendor evaluations before onboarding new IOT devices, together with educating employees about MIOT security best practices and the risks of shadow IOT.

Finally, policies are essential in a MIOT deployment to efficiently manage resources, ensure security and privacy and optimise network performance. They provide a structured framework for handling the complexities of a vast and diverse MIOT ecosystem.

Ultimately, addressing the risks posed by MIOT requires a proactive and multi-layered security strategy that considers the unique challenges posed by many of the new and emerging IOT devices that will be functional within tomorrow’s corporate network.