IoT Risks: What are the implications for your business?
The Internet of Things (“IoT”) consists of a global network of Internet connected devices, from commercial climate control systems to vehicle diagnostic tools, smart watches, and household appliances. It is projected to reach 50 billion devices by 2020. To put that number in perspective, that equates to more than six Internet-connected devices for every human being on the planet.
This proliferation, while widely adopted and recognized as being beneficial, has created unintended consequences by opening vulnerabilities for cyber criminals to exploit. Dyn, a managed DNS service provider, was the victim of a massive distributed denial of service (“DDOS”) attack in late October that caused outages and slowed bandwidth for many websites including Twitter, Spotify and Reddit on the east coast. This DDoS attack was executed by taking control of a large number of IoT devices, such as IP cameras and routers that are exposed to the Internet and are protected with weak security controls, and instructing them to access Dyn simultaneously. This action overwhelmed Dyn’s servers and left them unable to perform their standard service for legitimate customers. A DDoS attack essentially shuts down websites by overwhelming their servers with traffic from various IP addresses.
The risk of being forced offline, even briefly, is significant for an enormous number of businesses that rely on Internet connectivity for sales, customer service and day to day operations. A DDoS attack can result in the loss of millions of dollars in revenue.
Even amid growing cyber risks, there are advantages to the IoT. The IoT is positive for many businesses and individuals as it can provide actionable intelligence for the real world in real time, according to Gartner. The IoT will change business models and accelerate automation.
Consider this example: vehicle maintenance. In the past, maintaining a car engine or servicing a major household appliance was based on a predictive schedule -- manufacturers and technicians know that certain things can occur after a set number of miles, hours, or use. Connected devices can alert their owners of potential problems allowing them to take to take action sooner to prevent damage or equipment failure. Health care and fitness are other areas where the IoT is playing a big role. The ability to convey real-time health data to medical professionals, as well as monitor daily exercise and sleeping habits, could lead to improved health and well-being.
Business must consider the vulnerabilities that exist in internet connected devices. The resources available through cyber insurance, including financial protection and risk transfer, are valuable ways to preserve the benefits of connectivity while reducing risk.
Juliet White is an underwriter in XL Catlin’s Cyber and Technology Insurance Group.