In more devices connecting and communicating to each other, we run the risk of one particular threat on the Internet – that of botnets.
The Internet of Things (IoT), unlike SMAC (Social Mobile Analytics Cloud), moved faster from being an industry buzzword to reality. However, what needs to be examined is whether businesses are prepared to fully leverage IoT.
The McKinsey Quarterly for March of 2010defined IoT as: “sensors and actuators embedded in physical objects—from roadways to pacemakers—are linked through wired and wireless networks, often using the same Internet Protocol (IP) that connects the Internet. These networks churn out huge volumes of data that flow to computers for analysis. When objects can both sense the environment and communicate, they become tools for understanding complexity and responding to it swiftly.”
Essentially, vast volumes of information that, primarily, is exchanged between devices. This has several benefits to organizations. One use case to emphasize this is predictive maintenance.
Machines enabled with sensors and connectivity give businesses real-time capability to measure production equipment, allowing for cost-effective approaches to maintenance that can improve both factory productivity and capacity utilization by avoiding breakdowns. In effect, businesses can now move to a model of predict and prevent from repair and replace.
Predictive maintenance and city-wide systems are just two use cases. There are several more that straddle retail environments, offices, and vehicles.
However, in more devices connecting and communicating to each other, we run the risk of one particular threat on the Internet – that of botnets. A botnet is a group of computers/devices connected in a coordinated fashion for malicious purposes; wherein each node within the botnet is referred to as a bot.
Botnets give rise to DDoS (Distributed Denial of Service) attacks much like the one in 2016 that affected ISPs in India, which was in the range of 200 gigabytes per second. At Akamai, we have successfully defended against DDoS attacks exceeding 620 Gbps. What’s important to focus on is not only the size of the attacks but the prevalence of them. In an age where IoT is supposed to be making things better, scope for equally nefarious applications of useful technology exist.
In India, IoT adoption is growing. According to a NASSCOM report titled IoT in India: The Next Big Wave, the IoT market in India is poised to reach USD 15 billion by 2020 accounting for nearly five percent of the total global market.
As the number of devices connecting with each other increases, so does the attack surface. India is already a prime target (and source of) web application attacks – according to data in our Second Quarter, 2017 State of the Internet / Security Report, India is 2nd in the list of countries in Asia Pacific that sourced the most web application attack traffic with close to 12,000,000 (12 Million) web application attacks attributed as originating from the country after China.
While this is a significant number, India also ranks 8th in the list of target countries for Web Application Attacks, globally.
The growth and use cases in IoT are not all for naught, however. While the threat looms, there are ways out. What’s required is awareness and standardization of processes. Threats and remedies to internet-based vulnerabilities are constantly evolving and at times depend on the individual capabilities within organizations. Going forward, there should be a constant exchange of information across organizations.
At a broad level, organizations do collaborate with CERT-In, the Indian Computer Emergency Response Team. While it’s truly positive to see that there’s increased information sharing between individual organizations and the government entity tasked with the Nation’s cybersecurity effort, what would be more impactful is when organizations come together, as a collective, to address the problem and arrive at approaches on how best to move forward, to safeguard their IP and their users.