Thursday December 10th, 2020
More than 200 Billion IoT devices will be connected by the end of 2020, according to Intel. The risks associated with IoT technologies are increasing due to the fact that they are often components with security deficiencies. Most IoT devices do not have built-in update systems, so vulnerabilities in these devices cannot be easily solved.
We spoke with Edgar Salazar, cybersecurity specialist and co-founder of Guayoyo, to learn more about what we are facing and how we can deal with this problem.
“Cyber attackers are looking for the easiest way to access our homes and businesses with the intention of stealing data, hijacking our information or systems, interfering with our processes or damaging our reputation and by this, trying to obtain an economic profit. IoT technology opens a way for them to be able to access remotely through vulnerabilities located in these technologies ”, explains Edgar.
In June of this year, a set of vulnerabilities called Ripple 20 was identified. It corresponds to 19 vulnerabilities that reside in a component used in multiple IoT devices.
Ripple20 reached critical IoT devices from different industries involving a diverse group of vendors. Affected vendors range from SMEs to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter.
Guayoyo developed HowlerMonkey (https://www.howlermonkey.io/) so that its clients can receive alerts of vulnerabilities that arise daily and that may affect their technologies, including IoT technologies. This way, it allows taking proactive actions and minimize the risks.
“Companies invest a lot of money in securing the perimeter of their network, they do security exercises to understand what their risks are but, on the other hand, emerging technologies continue to be added and this can later represent a problem if they are not taken into account within the umbrella of the cybersecurity equipment. In some way, this makes all the investment to look like it was not worth it”, adds Edgar.
When a company adopts new technologies, it is also accepting new risks. They must be evaluated to understand the impact, possible consequences and possible controls to minimize these risks.
IoT technologies are beginning to be used in many industries and sectors such as health, industry, transportation, energy (oil / gas), telecommunications, retail and other industries. Cyber attackers exploiting these vulnerabilities can even put people’s lives at risk.
This year Guayoyo was working jointly with Dronfies (a Pyxis ecosystem company that specializes in developing software and technology for drones) in the vulnerability analysis of its PortableUTM product (https://portableutm.com/). It consists of an open source based unmanned traffic management system.
“For sure this will open the doors for us to carry out security tests in emerging technologies, both in IoT applied to different industries or, as in this case, Flying IoT for unmanned ships”, explains Edgar.
Thursday December 10th, 2020