Q+A: “It is no longer a case of if, but when, you will be attacked”.
Sean Newman, field product manager for Cisco’s security strategy, tells CBR how IT departments and consumers should be securing the devices that will increasingly pervade our lives.
1. With the wearable tech industry predicted to reach $20bn by 2020, which wearable devices do you expect to take off in the future?
Eyes are on the big brands at the moment, like Google’s Glass, and the hotly anticipated iWatch product from Apple. Not only watches, but also things like fitness bands. In the future, people will be drawn to products that are less visible, such as tech-woven clothes or small pieces of jewellery. The popularity of a product will be down to how it is designed, with consumer needs at front of mind. Devices will need to decrease in size, improve in performance and battery life, and drop in price, if brands want their products to take off and remain competitive.
3. What privacy concerns can wearable tech bring with them?
As we connect ourselves more and more, it’s important to be aware of the risks and repercussions of doing so and the potential risks to our privacy and those around us.
Fitness bands, that monitor and capture information about our movement using GPS, can provide a malicious user with details about our daily routines and patterns, as well as our current location.
Apart from the questions about what wearable technology means for the privacy of individuals, there’s the question of what the security implications of connecting these devices to the corporate infrastructure will be. Employees who bring these devices into their place of work won’t necessarily be giving much thought to security control, leaving the doors wide open for potential fraudulent data capture. For an IT team defending their organisation, wearable technology adds another dimension to the increasingly popular BYOD phenomenon – one that could cause even bigger headaches!
4. What are the most risky security attacks wearable devices are susceptible to at the moment?
Hackers are increasingly innovative, organised and commercialised; meaning advanced malware from cyber-attacks will continue to be a huge problem. Expert hackers can already access "root" features on wearable devices and significantly alter their behaviour from that which they were designed for. This could also give them access to all a user’s information and updates, in real time.
5. What can developers do to avoid these risks when building their devices?
These devices, and the software that powers them, must be designed and built with security in mind, right from the start of the creative process. It is then essential to undertake thorough testing of any product, or app that runs on it, before it is bought to market. This will help to minimise the risk but, in this era of sophisticated and innovative attackers, it is unlikely to remove it completely.
With the imagination of consumers driving the future of technology, it can be all too easy for developers to become swept up in all the excitement.
6. What is the industry doing to protect end users? Are they doing enough?
Although most IT departments already have guidelines that address such issues as workplace social networking, safe computing and BYOD usage, wearable technology raises several questions for the further development of these standards.
To track and control the use of wearable technology, organisations need to deploy technologies that deliver continuous visibility into everything on the network – fixed and mobile devices, operating systems, applications, users, traffic patterns, files and vulnerabilities, as well as threats. With this baseline of information they can identify potential threats and other security policy violations.
Ultimately, security with respect to wearable devices, is a question of three phases:
Before – establishing control over where, when and how the devices are used and what data they can access, store, or send to the Internet.
During – visibility and actionable intelligence is vital for security professionals to identify threats and risky devices, and monitor their activities on the corporate network.
After – when the inevitable happens and the network is compromised by a threat, be able to retrospectively review how that threat entered the network; which devices and systems it interacted with and what files and applications were run, to ensure it can be blocked and then cleaned up, as quickly as possible.
7. Tell me about Cisco’s plans for approaching the wearable tech market?
Earlier this year, Cisco announced that it would be investing $150million in the Internet of Things to help start-ups and other companies develop various connected products, including wearable technology, having forecast the market to be worth $14.4trillion by 2022.
Cisco believes that it is no longer a case of if, but when you will be attacked, so we have shifted away from the purely point-in-time detection model for security. We are now delivering an end-to-end security solution, which extends the conventional model, to include continuous protection across the extended network, countering advanced threats before, during and after an attack.