Digital transformation threatens to become a profitable playground for sophisticated cybercriminals as the cost of data breaches hits $2.1 trillion globally by 2019, warns Juniper Research. That’s nearly four times the financial consequence analysts expect from breaches this year.
The majority of breaches are likely to come from attacks against existing IT and network infrastructure, Juniper Research warns, but Internet of Things (IoT) devices may become future targets. The analysts note that while the number of identified IoT infections remains small, new threats are being reported at an “increasing rate”.
What makes this scenario more challenging is the increased professionalism of cybercriminals. Criminal hacks are becoming commoditized.
Don’t panic, yet: “Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable,” noted Juniper Research report author James Moar.
While reassuring in the present the Moar’s statement does suggest attacks against mobile devices, platforms and other connected things will become more likely as the potential payloads become more profitable.
“With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools,” he notes.
But things may change…
Profit motive
A little reported recent attack saw Starbucks customers in the US defrauded of hundreds of dollars. Criminals figured out how to subvert credit card protection using the Starbucks mobile app.
As a sign of what’s to come as apps and mobile payments become increasingly popular, this may be a salutary story for those concerned about their security.
Sophisticated cybercriminals already use authentic seeming “phishing” attempts to harvest user names and passwords – but the bad news is how convincing these attempts are becoming.
Intel Security tested 19,000 people in 144 countries to see if they could spot phishing emails and found that on average they missed 1 in 4 of these attempts.
It’s not as if connected devices are confined to smart homes. Other elements to this ecosystem include network equipment, connectivity services, and more.
“IoT is a growing market and with the number of connected devices, cyber criminals will start looking at ways to intrude the networks and exploit them,” warns Websense Regional Director (India and SAARC) Surendra Singh.
Infrastructure interests cybercriminals. Think about last year’s attack on Home Depot, when hackers used the connected HVAC system to undermine security and steal personal data.
Singh observes attacks against hotel temperature control systems and medical devices have already been attempted, stressing the need to secure IoT devices.
Risk/reward
At Mobile World Congress this year, Sophos security researcher, James Lyne, demonstrated how cybercriminals can easily compromise mobile devices and Internet-connected closed-circuit cameras (CCTV), hacking into an Android tablet over Wi-Fi to record video and audio.
“Considering how most organizations are still struggling with Bring Your Own Device (BYOD), the challenges of the IoT comes at the worst of times, particularly when you consider that the IoT includes consumer devices that IT may be forced to support for business purposes,” he warned.
Last year’s HP Fortify Report warned 80 percent of connected IoT devices lacked sufficiently complex passwords, leaving them vulnerable to attack. Other security weaknesses included lack of encryption and user account ID protection.
“IoT offers previously unimaginable connectivity and applications, yet the ease of deployment and the desire to innovate often override security concerns,” warns Singh.
Orange Business offers 400 consultants, eight security operations centers and 15 research and development facilities to help you ensure your IoT products are secured. Or explore recent research from Orange Labs here.
Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Calibre Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.