Aware of Mirai - the infamous 2016 Internet-of-Things (IoT) botnet. The malware used hundreds of thousands of infected IoT devices to launch a large distributed denial-of-service (DDoS) attack that brought down prominent websites. These attacks are notable since they were conducted via modest, unassuming IoT gadgets, including home routers, air quality sensors, and personal security cameras.

Source: 2017 paper published at USENIX Security

The incident clearly demarcates the extent of cyber attacks when it comes to IoT devices. As per CompTia, there are currently about 24 billion operational technology (OT) and internet of things (IoT) devices in use, and by 2030, there will likely be billions more. 

Present scenario 

Smart devices help us communicate with one another and receive information instantly. Similarly, businesses adore smart IoT devices because they enable persistent communication with customers and data collection. Take the case of healthcare, where patient wearables that monitor vitals and give doctors meaningful data. The benefit of linking more and more devices is that financial organisations can have real-time financial data throughout the day. The industrial and manufacturing sectors have also witnessed widespread IoT deployment.

Despite the advantages, connecting to the internet also exposes you to potential online dangers. The same as your phone or laptop, when an air-conditioner is internet-enabled, it becomes a device that cybercriminals can now exploit. In addition, with more and more connected devices, the number of access points available to cyber criminals increases greatly.

Moreover, securing IoT devices is itself a mammoth task. The market expects manufacturers and innovators to introduce new products with a lower time-to-market, without giving much importance to the security aspect. Further, many businesses remain unaware of the security risks posed by IoT and are frequently more interested in the cost savings and convenience that IoT may provide. 

Path to move ahead

Only internet-based gadgets are not properly covered under the IoT umbrella. IoT security is necessary for IoT devices, including even Bluetooth-enabled appliances. First, most of the concerns can be addressed during the research and development phase of the device itself. It's crucial to use safe hardware, the most modern operating systems, and to enable security by default. In the very first place, the IoT developers should be sensitised and aware of cybersecurity vulnerabilities at all times, not just during the design stage.

Second, businesses can incorporate a sensible approach with the timely change of default passwords for each and every of their IoT devices. Additionally, it's important to reset the revised passwords promptly. The passwords can simply be kept in a password vault for added security. This action can stop unauthorised individuals from accessing valuable data. Third, PKI (Public Key Infrastructure) is a great tool for protecting client-server connections among various networked devices. PKI enables the encryption and decryption of private messages and interactions using digital certificates by employing a two-key asymmetric cryptosystem. These technologies aid in safeguarding the plain text data that users enter on websites to conduct confidential business. 

Additionally, API (Application Programming Interface) forms the backbone of websites. API security is important to ensure the integrity of data delivered from IoT devices to back-end systems and to guarantee that only authorised devices, developers, and apps interact with APIs because hackers can infiltrate these communication channels. Also, vulnerability scanners are useful for identifying the various devices connected to a network. Businesses may find this to be a useful tool for enhancing IoT security. Known vulnerabilities related to connected devices can be found using a vulnerability scanner in conjunction with a regular scanning schedule.

To sum up, IoT applications include everything from inventory management and fitness tracking to smart homes and smart cities. Business Insider estimates that approximately $15 trillion will be spent on IoT products, services, and infrastructure. Despite the fact that IoT devices may appear too small or specialised to pose a threat, there is a real risk that attackers can take them over. This calls for an immediate resolution to have a cybersecurity perspective always combined with the IoT.