Would you live in a house that has doors with faulty bolts? And would you go to a gunfight without a gun? Or worse, would you risk your privacy in exchange of a coffee-maker that knows your espresso preference by habit?
These are some of the pertinent questions that owners of Internet of Things (IoT) device should contemplate, given the devices’ widely known weak security concern. According to global research firm Gartner, the IoT business will gain a momentum to cross the $434 million threshold by 2017 and $547 million by 2018 respectively. This is in stark contrast to the weak security infrastructure that IoT devices are built with. Various research conclude that over 64% of IoT devices are at present and imminent risk of major security vulnerabilities.
Seen objectively, these numbers are not at all surprising considering the lack of strong encryption mechanism in the much-touted smart objects. People are excited about having intelligent devices that can lock their houses in their absence, adjust thermostat to a preferred degree, or remind your car to refill gas or a make stop by the grocery store. But it’s scary to think that having a vulnerable IoT device is akin to locking your house with locks that you know can easily be broken.
Billions of IoT devices are being sold and distributed globally with low-end processors that simply are not up to the security standards for today’s highly insecure internet. These devices are built to connect to the internet in order to function, but the internet is a treacherous territory for anything that is not adequately protected. Shodan, the search engine for internet-connected devices is a prime example of the sort of the danger IoT products pose on people’s privacy. Anyone with an internet connection can use Shodan to pry on households, office cubicles or even an infant’s crib through insecure webcams and CCTV cameras.
In essence, the coveted smart devices are actually dumb in matters of privacy and security.
Machine Learning and Cloud Antivirus To the Rescue
Amidst the hopelessness of the present security concerns surrounding IoT landscape, there is one route that IoT manufacturers can take to enhance data safety and privacy. Fortunately, it’s nothing of an out-of-the-box solution that vendors have to go after to embed it to the devices; rather, it’s one of IoTs’ USP that can be used for their own advantage.
IoT products are designed to learn their owners’ preferences and habits so that they can imitate the settings to match user expectations. Machine-learning is an integral part of IoT evolution today and it’s the algorithm that propels devices to help improve efficiency, cut costs and save energy. Because IoT devices generate a lot of data and analyze the information to learn user behavior, the same technique can be employed to make them more watchful against security breaches and block unnecessary traffic.
Granted, machine learning are still in its nascent phase and it has a sizeable vacuum to be filled with research data and innovation. But the existing set of data and analytics is a glimpse of the potential machine learning offers to guard the IoT devices against online threats. Additionally, incorporating human insight to the learning process augments the machine intelligence because humans can make clear distinctions between genuine and malicious data and provide feedback for machines to mimic it during future events. The machine learning process in IoTs can use this input for predictive analysis for similar situations.
Many security vendors who are investing in cloud antivirus are already exploiting the cloud space to secure the IoT platform. They gather information from all endpoints and smart devices connected to a network and aggregate the data to a cloud server to analyze patterns and single out malicious traffic. When a cloud antivirus is being used, it sifts the dubious traffic for further investigation and learn from it. An IoT, in partnership with such a cloud antivirus software, can make use of the learning to normalize and sanitize bad traffic and talk to other connected devices for sharing the knowledge.
Such a cloud-based intelligence in combination with with other endpoint security programs and local network analytical tools can regulate online traffic and block malicious URLs from penetrating the IoT devices.
With the present technology, the only drawback with this strategy is that it tends to identify everything that is out of sync from the network traffic and raise too many false alarms. However, a little human intervention and a push from a well built cloud antivirus program can guide the IoTs’ intelligence in the right direction to ensure efficient virus removal and help them become more self-sufficient in terms of security.