IoT Is The Future, But What Sort Of Future Will It Be?

There’s no denying that the Internet of Things will have a profound impact on how we live, work, and communicate. From connected cities and homes to smart logistics and manufacturing systems, the IoT is already everywhere and its presence will only increase over the next decade. Much of the compute, storage, and bandwidth of our global IT infrastructure will be consumed by IoT applications. As an infrastructure hosting provider, we’re seeing the impact as our high-availability cloud platform is adopted by companies leveraging ubiquitous smart and mobile devices to build innovative applications.

But all of that potential could be undermined if IoT device manufacturers and application developers fail to take security seriously. In 2017, there’s plenty of evidence that a blasé attitude to security in the IoT portends a disaster. The market has been flooded by poorly secured devices which are not — and in many cases cannot be — patched to remove vulnerabilities. Such devices create a legacy of vulnerability that is likely to be with us for many years into the future.

The most obvious manifestation of the insecure Internet of Things today is the massive proliferation of highly damaging distributed denial of service attacks. Just a few years ago, creating a botnet with sufficient bandwidth to cause outages and slowdowns to major service providers was a challenge, involving the compromise of many machines and clever amplification methods.

Today, it’s much easier: there are millions of insecure, internet-connected devices that are easy pickings for even moderately skilled criminals. Take a look at the Shodan search engine: in no time at all you can generate a list of easily compromised devices that can be slaved to a botnet.

Last year, a massive DDoS attack caused severe service disruptions when criminals targeted Dyn, a DNS provider. The impact of the attack was felt by some of the largest web service providers, companies most of us rely on and interact with every day. The Mirai botnet, which launched the attacks, was largely composed of routers and internet-connected cameras — easily compromised because their manufacturers didn’t take security seriously enough.

And of course, DDoS attacks aren’t the only risk. As more insecure smart devices find their way into our homes and offices, the likelihood of serious privacy and security breaches increases.

We’re in the early days of the Internet of Things, and we can expect the security situation to get worse before it gets better. There are encouraging signs that the industry is starting to take security seriously, which is certainly a move in the right direction. But for today, forward-thinking companies must take steps to protect themselves.

Distributed Denial of Service attacks range from a minor nuisance to an existential risk for businesses that depend on the web (and which businesses don’t?). DDoS attacks are something every business should take seriously, and DDoS protection is becoming table stakes for doing business on the web.