IoT Risks: What are the implications for your business?
The Internet of Things (“IoT”) consists of a global network of Internet connected devices, from commercial climate control systems to vehicle diagnostic tools, smart watches, and household appliances. It is projected to reach 50 billion devices by 2020. To put that number in perspective, that equates to more than six Internet-connected devices for every human being on the planet.
This proliferation, while widely adopted and recognised as being beneficial, has created unintended consequences by opening vulnerabilities for cyber criminals to exploit.
Dyn, a managed DNS service provider, was the victim of a massive distributed denial of service (“DDOS”) attack in late October that caused outages and slowed bandwidth for many websites including Twitter, Spotify and Reddit. This DDoS attack was executed by taking control of a large number of IoT devices, such as IP cameras and routers that are exposed to the Internet and are protected with weak security controls, and instructing them to access Dyn simultaneously.
This action overwhelmed Dyn’s servers and left them unable to perform their standard service for legitimate customers. A DDoS attack essentially shuts down websites by overwhelming their servers with traffic from various IP addresses.
The risk of being forced offline, even briefly, is significant for an enormous number of businesses that rely on Internet connectivity for sales, customer service and day to day operations. A DDoS attack can result in the loss of £millions in revenue.
Even amid growing cyber risks, there are advantages to the IoT. It is positive for many businesses as it can provide actionable intelligence for the real world in real time. The IoT will change business models and accelerate automation.
Business must consider the vulnerabilities that exist in internet connected devices. The resources available through cyber insurance, including financial protection and risk transfer, are valuable ways to preserve the benefits of connectivity while reducing risk.
Article written by Juliet White, an underwriter in XL Catlin’s Cyber and Technology Insurance Group.