The global ransomware cyberattack called WannaCry affected over 230,000 computers running the Windows OS in more than 150 countries earlier this week. Although the USA was mostly spared, this has undoubtedly been a huge wake-up call across the tech industry.
‘Ransomware’ attacks involve the remote hijacking of computing devices by malware transmitted over the Internet that encrypt and threatens to destroy their data if ransom is not paid within a proscribed time period. Insidiously, the user is ‘enticed’ to pay the ransom within three days, after which the price doubles. After seven days, the malware promises to make the data forever irre-trievable. Ransomware attacks have largely focused on industries such as health-care and finance, that have a lot of sensitive data and cor-responding dollars to pay the ransom for retrieval. Surpri-singly, when hit with ransom-ware a high number of businesses actually end up paying it. According to 2016 research conducted by IBM, 70% of businesses paid the bad guys, with price tags ranging from $10K to $50K.
RANSOMWARE ATTACKS ON THE UPSWING
According to U.S. government statistics, ransomware attacks have been growing having quadrupled in 2016 with FBI estimates of one Billion dollars paid out to cybercriminals. The threat has had a relatively low profile outside of the security industry until now. IBM research found that nearly a third of respondents in its recent industry survey still weren’t familiar with the term ‘ransomware.’
But the times are changing and ransomware is a significant threat that is not going away for the computer industry—and an issue the IoT industry cannot afford to ignore. As connected devices take on more critical functionality in our daily lives—from controlling our home environments to self-driving cars—their potential ROI is only going to increase for would-be cyber attackers. The ‘Ransomware of Things’ (RoT) is coming and our industry needs to be prepared for IoT devices that are ripe for takeover by cybercriminals. As an industry, we must act to prevent IoT from starting to RoT from high-profile ransom attacks like WannaCry.
IOT DEVICE VUNERABILITIES
A recent report by Ponemon Institute points out an alarming vulnerability for the IoT industry through a survey of 16,450 IT security professionals who worked in mobile and IoT app security at their organizations. They found that 80% of Internet of Things (IoT) applications and 71% of mobile applications are not being tested for vulnerabilities. This was demonstrated in real life through the Mirai botnet DDoS attack on cameras, routers and other consumer devices last fall.
The ransomware issue just further demonstrates why security must be a chief concern for all consumer IoT companies. That’s why it is a priority for Arrayent as a leading IoT platform provider for major brands, and why we have been preparing a series of blogs on IoT security best practices – aimed at helping educate non-security professionals on the issues that need to be at the forefront of creating and deploying smart connected devices. Stay tuned to our first installment tomorrow.