As 2019 comes to a close, we thought we’d take a look back at the past year in cybersecurity in IoT.
In January of this year, we made a few predictions for what the coming year had in store for IoT cybersecurity (spoiler alert: we were right).
THE GROWTH OF RISC-V
We talk a lot about RISC-V. While it’s widely-accepted at this point that the RISC-V architecture is a game changer, RISC-V adoption saw a significant uptick in 2019. Attendance at the RISC-V Summit, the leading RISC-V conference, doubled since last year since 2018, a clear indicator that more and more companies are getting on board with this still-emerging technology.
Corporations like Andes Technology, one of the founders of the RISC-V foundation and our recently-announced partner, reported rapid growth of RISC-V processors in the first six months of 2019, launched its RISC-V FreeStart Program, and expanded its use of RISC-V processors in their IoT products.
As we head towards 2020 RISC-V adoption will only continue to grow, with Samsung being the latest high tech company to join the growing list of RISC-V users.
IOT IS MORE VULNERABLE THAN EVER
We’re thrilled that we were right about our prediction of RISC-V, but one of our not quite as positive predictions also proved true for 2019. As experts in cybersecurity, our fingers are on the pulse of industry trends—including the risks and vulnerabilities of devices in IoT.
According to a Gartner report, the number of IoT devices grew to over 1 billion devices in 2019, and that number is only expected to grow. With such a wide-net of IoT device ownership, from industrial IoT to low-power consumer devices, there is no shortage of cybersecurity risks on such a large network.
In fact, IoT cyberattack events numbered in the billions (that’s right, billions) in 2019, and saw a surge of 300%. While data and privacy breaches are the most common and publicized type of attack, the risk—and consequences—of attacks on Industrial IoT devices can be even more devastating and dangerous.
THE RISK OF “CYBER PEARL HARBOR” LOOMS
Which brings us to our final and accurate prediction: we are coming closer than ever to what former Secretary of Defense Leon Panetta, warned about.
In 2019, a number of cyberattacks, conducted mostly by nation-states but also private hacking groups, targeted companies, government agencies, and critical industrial and infrastructure providers across the globe.
Highly publicized incidents, like the hacking of the DNC server in 2016 by an organization linked to the Russian government, was confirmed by US intelligence organizations in January of this year. While a cyberattack such as this may be one of the first, it will hardly be the last, and bipartisan efforts are already underway to prevent any interference in the upcoming 2020 election.
The use of cyber operations by governments is becoming more and more commonplace. In June of this year, the US government led a cyber operation in Iran, targeting Iranian core command and control systems in an effort to mitigate the country’s ability to conduct any further attacks like the one it led on Saudi oil facilities earlier this year. The fact that a US official has even acknowledged this attack is notable, and a sign that cyberattacks as tools of modern day warfare won’t only be unsurprising, but expected, as we look to 2020 and beyond.
Of course, cyberattacks conducted by and targeting nation-states weren’t the only notable incidents of 2019. German manufacturers BASF, Siemens, and Henkel all confirmed they were the victims of cybercrime at the hands of private hacking groups (with possible links to nation-states).
Thankfully, all companies reported that no sensitive information was lost, but it is only a matter of time before these attacks become sophisticated enough to do significant damage. The three companies represent a combined revenue of over $100 billion. An attack that devastates one or all of these companies—or any of their peers—would have serious economic impact.
IoT CYBERSECURITY IN 2020
As attacks by private attacker groups and nation-states become more sophisticated, so must our cybersecurity efforts. It is no longer sufficient to rely on the traditional cybersecurity stack to protect and secure your devices, as that stack is fundamentally flawed.
Critical software security methods, such as compartmentalization and encryption are important, but as with any software, they have vulnerabilities. With a minimum of 15 bugs per 1,000 lines of code, it is not a matter of if, but when, an attacker is able to identify those vulnerabilities and exploit them. Lacking a method to reinforce your software creates a hole in the cybersecurity stack.
With one billion connected devices and growing, traditional cybersecurity solutions are not enough for devices on the IoT in 2020. As the IoT market grows, industries across markets are adopting AI and ML quickly, making security stakes even higher.
In order to truly ensure trust, safety, and security in the IoT, it needs a cybersecurity solution that immunizes devices against software vulnerabilities.
Want to learn more about how we can secure Industry 4.0? Watch our the recording of our webinar, "The Cybersecurity Stack: How to Secure Industry 4.0."