There was a time when the idea of security exploits involving the Internet of Things (IoT) amounted to little more than amusement over someone having managed to hack into their home network through a smart lightbulb. That notion seems rather quaint when weighed against the ransomware cyberattack in May this year that forced the Colonial oil pipeline in the US to shut down. It was reported that Colonial Pipeline paid the requested ransom (75 bitcoin or $4,4 million) within several hours after the attack, but it was several days before the pipeline could be restarted.
Sadly, as we know all too well, cyberattacks like this are no longer a novelty. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware increased by 767%. This increase occurred alongside a 29% decrease in the overall number of users affected by any kind of ransomware. The number of unique users from South Africa increased by 26%, ranking us third on the list of countries with the highest number of users encountering targeted ransomware.
According to the FBI, the average ransomware demand globally is estimated at $761,106. Organisations that decide not to pay the ransom spend around $732 520 to recover their systems, whereas businesses that do pay lose twice as much due to all the additional costs, totalling close to $1,45 million.
In response to the ever-shifting threat landscape, the IoT security market is set to accelerate over the coming years, with Markets and Markets forecasting growth from $12,5 billion in 2020 to $36,6 billion by 2025, at a compound annual growth rate (CAGR) of 23,9% over that period. Key factors cited are rising security concerns for critical infrastructure, increasing ransomware attacks on IoT devices, increasing data risk in IoT networks and growing IoT security regulations.
It’s no surprise, then, that designers of IoT devices list security as one of their top concerns. They are most certainly taking the issue and the potential pitfalls seriously, but the reality is that security often takes a backseat to more immediate challenges such as tight timelines and getting a product to market. What’s needed is an holistic approach that enables the security market to stay ahead of the bad actors, but instead it’s barely able to keep up with their constantly shifting, ever-more ingenious tactics.
When you pit that against the hackers’ strike force, it’s really not a fair fight. These are not the awkward loners portrayed in 1980s movies who were doing it for a cause, overthrowing some evil corporation or whatnot. They’re not all geniuses, mind you, but collectively they have some of the brightest, most determined IT brains on their side. And, as illustrated above, there’s money to be made from successful ransomware attacks – stacks of money and thanks to cryptocurrencies like Bitcoin it’s very difficult to track perpetrators down.
So, if you’re an evil genius with mad hacking skills, or if you just want to liven things up by doing some light extortion on the side, then first of all, don’t. It’s a crime. But if that earnest plea hasn’t dissuaded you and you’re still on the fence, consider this: Hackers can afford to fail many times. Security cannot afford to fail even once.
|Tel:||+27 11 543 5800|
|Articles:||More information and articles about Technews Publishing|
© Technews Publishing (Pty) Ltd | All Rights Reserved