In your opinion, what are the biggest IoT security risks and challenges? Cite resources and references that back up your assertions.
The biggest risk in the evolving world of IoT has to be near parallel development of hacking and malware, with a close and related second being lack of user awareness around security. With increased presence of connectivity in our everyday lives, including devices containing crucial information and services so readily available to us, so too has there been an increased presence in malicious parties looking to access, steal, and misuse it, or even hold it for a ransom. Recent developments, and increased use in malware has seen many vulnerable people, and at-risk business fall prey to these attacks. The more we rely on these connected devices, like our mobile devices, smart-home security systems, smart-vehicles and the like, the more susceptible we are to having them used against us in one way or another. Even the data on these devices, and what we share on these devices is getting more important, and at risk of being compromised by these malicious parties.(Saif, 2020) One of the biggest reasons this happens is related to a lack of user awareness and education, as well as a general overwhelming of IoT in everyday life.
The more connectivity, and IoT you deal with in your everyday life, the higher risk there is of a user overlooking the security aspect of one of them, which my lead to it being compromised. An incredibly common mistake using, and reusing the same password(s) on many devices at once. While this point has been repeated infinitely throughout security meetings, and in everyday life, it’s still an important point. Another user-related risk is “social engineering”, wherein a malicious party gathers information about, and seeks to form a false relationship with a target in an effort to use them to gain access to a device, or network. This can range from a common phishing scam to a more direct efforts like infiltrating a location, and stealing employee identification to directly access an area, or simply being let in under the assumption they are allowed to be there. (Rosencrance & Bacon, 2021) The more we develop and rely on internet-connected devices, the more we need to educate, prepare, and secure ourselves against those who would use these developments against us, for their own benefit.
Saif, I. (2020, April 24). Cyber risk in an internet of things world: Deloitte Us. Deloitte United States. Retrieved September 6, 2022, from https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/cyber-risk-in-an-internet-of-things-world-emerging-trends.html
Rosencrance, L., & Bacon, M. (2021, June 3). What are social engineering attacks? SearchSecurity. Retrieved September 6, 2022, from https://www.techtarget.com/searchsecurity/definition/social-engineering