Like other technology forecasters, Juniper Research in a new report predicts the Internet of Things is poised for explosive growth. But the IoT also represents “an unmanageable cybersecurity risk” unless its developers take preventative action, Juniper says.
In its report, “Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021,” Juniper predicts that the installed base of IoT devices will hit 15 billion units by 2021, up 120% from 2016. The IoT already connects such common things as cameras and thermostats as well as billions of other household, commercial, and industrial devices.
Payments companies are getting in on the IoT action, as witnessed by a line of Samsung refrigerators demonstrated by Mastercard Inc. last year that can order and pay for groceries. But, like security experts recently interviewed by Digital Transactions, Juniper is warning that many IoT devices are easy prey for hackers.
Last Oct. 21, the IoT played a key role in the largest-ever digital denial of service attack, which hit Dyn, a leading domain-registration services provider, in several waves. Through Dyn, the cyber-attackers were able to temporarily shut or slow down a number of major U.S. and European Web sites, including Twitter, Netflix, Reddit, The New York Times and The Wall Street Journal, and PayPal. In a DDoS attack, a targeted Web site is flooded with a massive number of requests simultaneously, overwhelming its capacity to respond. The October attack was notable in that it used a variant of malicious software called Mirai to marshal IoT devices and use them to send traffic to targeted sites.
“The vast scale of this [IoT] connectivity will, unless action is taken, lead to an unmanageable cybersecurity risk created by botnets in excess of 1 million units,” Juniper said in a news release.
Report author Steffen Sorrell said the Dyn attack may have been simply a “proof of concept” exercise, with more malicious attacks in the future targeting consumer and industrial markets as well as the public sector.
“In the medium term, botnets will be used far more creatively—not only to disrupt services, but also to create a distraction enabling multipronged attacks aimed at data theft or physical-asset disruption,” Sorrell said.
Hampshire, U.K.-based Juniper called on IoT device manufacturers to “take responsibility” by building greater security into their designs, and also said big tech companies such as Amazon, Google, and Samsung should lead efforts “to galvanize other vendors to apply security best practices.”