Question of IoT risk.
Experts are split on the future of ransomware amidst the rise of connected devices.
Some anticipate the Internet of Things will be a prime target among attackers. "The impact of IoT ransomware could be bigger than mobile," says James Carder, CISO of LogRhythm and VP of LogRhythm Labs. Mobile-based ransomware is intriguing from a business perspective, he says, but the overall impact of IoT -- with the sheer number of sensors and amount of people wearing them -- could be severe in 2017. It could pose a particularly large threat to critical infrastructure, he says.
Liska, in contrast, doesn't foresee a rise in ransomware attacks among connected devices. Many IoT products are "headless" and contain little data, or have information backed up to the vendor's cloud. "There are all kinds of security issues with that model, but ransomware isn't one of them," he says.
For most potential victims of IoT ransomware, there would be little motivation to pay a ransom. This is especially relevant for consumer devices; for example, a connected refrigerator. Home appliances contain no critical information. If hacked, users could simply restart them.
However, he continues, there is a risk for people using connected medical devices or other types of data systems. "If you have a medical device with a Windows head and someone installs ransomware on the system controlling those, it could pose a huge threat," he explains.
In the near term, IoT devices with poor security won't increase the threat of data-centric ransomware attacks on businesses. As long as organizations struggle to patch and monitor endpoint devices, users' workstations will remain an easier path of attack than other connected devices. Hackers are already effective in penetrating organizations with encrypted Office docs. Why should they bother working their way through other connected devices?
(Image: Jamesteohart via Shutterstock)