Cyber attackers have already waged attacks on Internet of Things (IoT) devices to build massive botnets and launch crippling distributed denial-of-service (DDoS) attacks, knocking websites and online services offline. IT security professionals now fear that the rise of the Industrial Internet of Things (IIoT) could open a dangerous new front in the cybersecurity war.
In a Tripwire survey of 403 technology professionals, administered by Dimensional Research, nearly all respondents (96 percent) said they expected an increase in security attacks aimed at the IIoT this year. Fifty-one percent admitted that they weren't prepared to defend against IIoT threats.
"Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don't feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire, in a statement.
The IIoT is poised to grow by leaps and bounds over the next few years, providing a tempting target for cyber attackers.
Last year, Technavio forecast that the IIoT market would reach $132 billion in 2020. And according to Tripwire's own survey, 90 percent of respondents expect an increase in IIoT device and services deployments within their own organizations.
Meltzer painted a bleak picture if the industry doesn't start taking IIoT security seriously.
"There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations," he stated.
Fortunately, there are ways to secure IoT deployments.
"At the simplest level, companies should be incorporating security-by-design throughout the development and production process," James Scott, senior fellow at the Institute for Critical Infrastructure Technology, recently told eSecurity Planet's Drew Robb. "Consumers should be only purchasing these more secure and resilient devices that were developed according to NIST 800-160, they should be hardening the default settings, and they should be protecting the devices behind layers of security solutions from reputable vendors."
Scott also suggested that businesses harden default settings on IoT devices and use layered defenses, like artificial intelligence solutions that can distinguish between normal traffic and suspicious activity. He also urged some restraint, advising organizations to limit the number of IoT-enabled devices in their environments.