Opinion: Huntsman Security’s Piers Wilson looks at the Internet of Things and how businesses can protect themselves from the potential threats.
The Consumer Electronics Show (CES) kicked the technology industry off with a bang yet again this year, and one thing was heard loud and clear – Internet of Things (IoT) is going to be huge. Every person and every industry will feel the impact; from farmers in the developing world to astronauts like Tim Peake.
Tech giant Mark Zuckerberg made yet more waves when he announced his own big ambitions for IoT, with a pledge to create his own digital personal assistant – modelled on Iron Man’s AI sidekick Jarvis. Considering Juniper Research estimates 38 billion connected devices will grace the earth by 2020, very soon the IoT will be unavoidable. Of course, exciting as all this is, with every new technology comes new security risks, and IoT will be no exception.
Maintaining security as sci-fi becomes reality
Securing networks, devices and data, has always been something businesses need to be wary of – especially as cyber threats have increased and hackers have become more brazen. However, IoT brings with it challenges that businesses haven’t faced before. For one, the sheer number and variety of devices connected to the network will be jaw-dropping. Gartner estimates that 2.4 billion IoT units will be installed in businesses by the end of this year, alongside a further four billion consumer gadgets that will undoubtedly be all too present in the enterprise. This will massively increase the organisation’s attack-surface, with each new device bringing its own unique risks. As we saw recently, even a simple webcam can be susceptible to hacking. However, the array of smart watches and other gadgets that employees will undoubtedly be hooking up to the enterprise network this year will be all-too tempting for cybercriminals.
It will soon become impossible for IT teams to manually monitor all the connections in use across the enterprise. As such, they should be thinking about alternative ways of monitoring their systems – which take into account the huge number of ways in which IoT might soon be used in the office. From Fitbit activity trackers to Apple Watches, employees could introduce any number of devices to enterprise IT networks. The risk is that IT won’t be able to secure every new endpoint and they probably won’t even know the device is there until it connects. Just imagine if someone brings in a Star Wars BB-8 droid to show off around the office, and it happens to be running malicious software. IT security teams would have very little warning that the droid had joined the dark side until havoc had been unleashed on their network.
IoT is clearly going to change how IT departments see security, and there are three main issues to be aware of and ready to address:
– Who opened the pod bay door?
One of the biggest threats facing businesses has always been hackers gaining direct access to the company network. As such, IT departments need to be able to monitor traffic to ensure that a connected device hasn’t inadvertently – or perhaps even on purpose – opened a back door to allow hackers easy access. Due to the sheer number of devices, and different ways that people might be looking to gain access, it is important that IT departments are able to determine when the behaviour of devices or users changes, as it might indicate a breach taking place.
– Error: Security not found
Another issue that businesses will come up against is the complete lack of security that many IoT devices suffer from. A recent report found that 60% of IoT devices have vulnerabilities present in their software and firmware. The fact of the matter is that a small connected sensor or device simply doesn’t have the storage or power necessary to run security software on top of its embedded operating system. As such, many devices introduced to company networks might represent glaring security holes that even inexperienced hackers could take advantage of. To counteract this threat, systems should be put in place that monitor the network – which are then able to instantly detect suspicious behaviour.
– Hyper drive overload
With IT departments already under huge pressure from the new threats they face, the biggest issue they are likely to come up against is a rising volume of threat alerts created by the sheer number of devices on their networks. For many, this will create an information overload, making it impossible to fully monitor their networks and work out which threats need to be investigated and which are benign. Introducing automated threat detection and prevention systems will mean that IT departments won’t have to deal with low-level threats, which can be remediated without their direct involvement. This will leave them with more time to deal with bigger problems.
IoT is set to transform how we live our lives, but businesses should be wary of its potential to amplify the risks that they already face many times over. In order to counteract this, IT departments need to evolve their security practices, adopting a newer and smarter approach to defending their borders. Monitoring behaviour and embracing automation will relieve IT teams of some of the pressure that comes from an increased workload, allowing them to focus on tackling the most important threats.
Piers Wilson is Head of Product Management at Huntsman Security