In 2019, Microsoft made waves at its annual Black Hat conference in Las Vegas, where it confirmed its discovery of a malicious hacker group which was using common Internet of Things (IoT) devices to carry out widespread corporate attacks. The way in? Internet connected devices including a VOIP phone, a Wi-Fi office printer and a video decoder, with compromised devices across multiple customer locations. But these are just a few of the numerous examples of hackers exploiting the so called Internet of Things in recent years. Kirsty Fisher, CFO at Titania explains.
Many of these hacks could have had potentially serious consequences had they gone undetected. For example, in 2017, the Food and Drug Administration (FDA) issued a warning about implantable cardiac devices, which theyd found to be at risk of attack. Used to monitor and control heart function, including heart attacks, vulnerabilities meant hackers could control shocks, alter pacing and deplete the battery.
Tech analyst company IDC predicts that in total there will be 41.6 billion connected IoT devices by 2025. With no central security standards or compliance frameworks underpinning the proliferation of IoT devices, individuals and businesses remain exposed for the near future.
But what makes the Internet of Things and the risks associated with connected devices different from the traditional internet? Largely, the human factor. The IoT doesnt need people to work. It provides technology, media and telecoms companies with the opportunity to create new products and applications, which rely on sensors collecting, reviewing and acting on data. Popular with increasingly tech savvy homeowners, who want the latest smart app-controlled lighting and heating system or interactive media device, the opportunity for suppliers to create new revenue streams is huge.
However, the challenge with this automation is that it creates a huge wealth of sensitive data, which is then being shared amongst more people. Even the FBI has put out warnings about the risks, highlighting to people that hackers can use those innocent devices to do a virtual drive by of your digital life. Businesses are also being targeted through IoT devices as an entry point, with Microsoft and other tech giants highlighting attacks where access to secure networks has been gained via printers and VoIP systems amongst other connected devices.
As networks become increasingly complex and the growth of the Internet of Things shows no signs of slowing, the challenge of keeping businesses cyber secure and minimizing risk is greater than ever.
Spanning the public and private sector from smart cities and transport initiatives to healthcare and smart home/consumer applications, yet with no central standards in place, the onus is very much on those in the IoT ecosystem to work together to create as secure an environment as possible for the time being.
While there is some sector-led collaboration taking place, many organizations are looking to those in technology, media and telecommunications to take the reins and lead the way. Like many large organizations, in the past, businesses in these sectors may have implemented different cyber risk strategies appropriate to a particular department, country or product. With the increased threat from the IoT and new ways in which data is being used and connections to networks made, many are now revising cyber strategies to sit at a corporate, organization wide level. They are also paying more attention to preventative strategies, trying to predict IoT cyber threats before they happen, minimizing attacks that do take place and continuity planning for how they will restore services as soon as possible.
Despite the very real cyber security threat posed by the IoT and the complexity of the networks and parties involved, there is concern that too much control over data could stifle innovation. Many pioneers in the cyber security sector are suggesting the answer lies in the development of more secure devices and improvements in internet security to go alongside this.
Speaking on this issue, Philip Reitinger, President of the not for profit, Global Cyber Alliance neatly summarized the issue: We must move from the Internet of Things to the Secure Internet of Secure Things. First, we must build (more) Secure Things devices, software and services with few vulnerabilities, that are securely configured and automatically updated. Of critical importance, cloud services must come with security embedded and not as an up-sell.
Second, we need the Secure Internet automated collective defense must be built into the network, so that the Internet ecosystem can react as the body does, recognizing infections and fighting them off. We must build Internet Immunity.
Of course, while the industry calls for standards to be developed and the security of devices to be improved, businesses who want to use connected devices without compromising cyber security shouldnt be alarmed. Like the approach some of the larger tech and telcos companies are taking, businesses of all sizes can put in place simple, organization-wide preventative measures to minimize risk to their businesses as well as solutions to help them identify and respond quickly to threats.
Rather than neglecting your core network and putting the focus just on to connected devices, you should seek to improve the security of your network holistically as a weakness in one part can of course impact the rest. To minimize your attack surface and prevent adversarial intrusion by hardening your network, businesses should not underestimate the power of good cyber hygiene. A study by the Online Trust Alliance (OTA) estimated that 93 percent of cyber security incidents large and small could have been avoided if the business in question had basic cyber hygiene practices in place.
In short, cyber hygiene is the continuous cycle of carrying out routine checks on an organizations network, endpoints and applications to identify and fix any network vulnerabilities, protect against cyber threats and maintain online security. Best practice such as deleting old user accounts, firm-wide policies on access and passwords, back up of data, securing physical and cloud databases, checking routers and networks, might seem obvious, but keeping on top of the basics really is the key to cyber hygiene and minimizing the risks associated with security breaches.
Many organizations let basic cyber hygiene practices slip through lack of time and resource, not due to absence of expertise. Indeed, over the last decade many new risk management frameworks have been introduced to combat this; for example, in 2014 in the US, the Federal Government introduced its best practice DHS CDM, or Continuous Diagnostics & Mitigation program.
To comply with this framework, agencies are expected to audit their entire enterprise every three days. In practical terms, if you had 500 devices connected to your network, youd be carrying out nearly 61,000 audits every year. For a bigger organization with 25,000 devices, thatd be over 3 million vulnerability audits every year. Even if youre not aiming for CDM levels of network security, with the number of core network devices increasing across organizations, its not a problem that can be fixed by simply solving the shortage of skilled cyber security professionals in the industry.
Then add to this the need for resources dedicated resources to analyze the threat intelligence needed for effective threat detection and response and the scale of the cyber security challenge is laid bare.
Early threat detection and response is clearly part of the answer to protecting increasingly connected networks, because without threat, the risk, even to a vulnerable network, is low. However, ensuring the network is not vulnerable to adversaries in the first place is the assurance that many SOCs are striving for. Indeed, one cannot achieve the highest level of security without the other.
Even with increased capacity in your SOC to review cyber security practices and carry out regular audits, the amount of information garnered and its accuracy, is still at risk of being far too overwhelming for most teams to cope with.
For many organizations the answers lie in accurate audit automation and the powerful analysis of aggregated diagnostics data. This enables frequent enterprise-wide auditing to be carried out without the need for skilled network assessors to be undertaking repetitive, time consuming tasks which are prone to error. Instead, accurate detection and diagnostics data can be analyzed via a SIEM or SOAR dashboard, which allows assessors to group, classify and prioritize vulnerabilities for fixes which can be implemented by a skilled professional, or automatically via a playbook.
The right automation platforms ultimately provide the capability to check more devices across more networks more frequently, which is essential in combatting the risks that IoT brings. If youre investing in making your network more sophisticated by adding the latest connected devices, it is only wise to make sure that they are secure and also, through regular checks and good cyber hygiene, your core network is as secure as it possibly can be and not exposed to preventable attack.
Kirsty Fisher, Chief Financial Officer, Titania
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020
- The 6 key races you haven't heard of that may help decide how we secure our elections - POLITICO - September 30th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - Unica News - September 30th, 2020
- Study finds over 4-in-10 WFH employees in SEA find it hard to switch-off after work - Backend News - September 30th, 2020
- 5 Ways to Secure Your Home Network - The Good Men Project - September 29th, 2020
- How To Make Peace With Your Internet Passwords - Forbes - September 29th, 2020
- Five Types of Cyber Security for Organizational Safety - Analytics Insight - September 29th, 2020
- Internet of Things (IoT) Security Market Competitive Research and Precise Outlook 2020 to 2027 - The Daily Chronicle - September 29th, 2020
- IT Security Spending Market Analysis highlights the Impact of covid-19 (2020-2026) | Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - September 29th, 2020
- Schrdingers Web offers a sneak peek at the quantum internet - Science News - September 29th, 2020
- Counter-Terrorism: Raiders Of The Lost Cache - Strategy Page - September 29th, 2020
- Trending 2020: Internet of Things (IoT) Security Market Analysis, Size, Trends and Forecast to 2025| Cisco Systems, Intel Corporation, IBM Corporation... - September 29th, 2020
- IoT coffee machine hacked to demand ransom - IT PRO - September 29th, 2020
- Show me who bans TikTok and I'll show you your (future) allies | TheHill - The Hill - September 27th, 2020
- Lokibot keylogger infections are growing across the internet - Komando - September 27th, 2020
- Evasive Malware Threats on the Rise Despite Decline in Overall Attacks - Infosecurity Magazine - September 27th, 2020
- Internet of Things Security Market size, development, key opportunity, application and forecast to 2026 | Check Point Security Software Technologies,... - September 27th, 2020
- Fears mount over Russian and Chinese hackers targeting the 2020 U.S. presidential election - CNBC - September 27th, 2020
- Internet of Things (IoT) Security market to Witness Increase in Revenues by 2016-2028 - Crypto Daily - September 27th, 2020
- How to leave no trace on the internet when using a VPN? - Techiexpert.com - TechiExpert.com - September 27th, 2020
- 2020 Demand In Internet of Things (IoT) Security Market By Key Types, Regions, Countries, Top Companies Competition, Consumers, Import-Export Forecast... - September 27th, 2020
- How the Pandemic Pushed a Generation of Americans to Discover the Perks (and Risks) of Online Banking - NextAdvisor - September 27th, 2020
- IT Security-as-a-Service Market 2020 By Manufacturers, Regions, Type And Application, Forecast To 2025| Blue Coat, Cisco, IBM, Intel Security,... - September 27th, 2020
- APT groups actively target Linux-based workstations and servers - Backend News - September 27th, 2020
- Critical steps for securing cyberspace - Microsoft on the Issues - Microsoft - September 27th, 2020
- Proven ways to stay ahead of configuration drift - ITProPortal - September 27th, 2020
- Global Embedded Security For Internet Of Things Market 2020 Trends Analysis and (COVID-19) Effect Analysis | Key Players Market With COVID-19 Impact... - September 27th, 2020
- Internet of Things (IoT) Security Technology Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19... - September 27th, 2020
- REMOTE WORKING: PROGRESS AND PERILS - Forbes Africa - September 27th, 2020
- Avoid scam 'DMV' websites | Sedona.Biz - The Internet Voice of Sedona and The Verde Valley - Sedona.biz - September 27th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - The Daily Chronicle - September 12th, 2020
- Better late than never: Zoom boosts security with 2FA - Verdict - September 12th, 2020
- Show and Tell: The Gryphon Tower Mesh Wi-Fi Security Router - Grit Daily - September 12th, 2020
- Internet of Things (IoT) Security Market 2020 Trends, Market Share, Industry Size, Opportunities, Drivers, Outlook, Analysis And Forecast To 2028 -... - September 12th, 2020
- Ensuring cyber awareness in the healthcare sector - Help Net Security - September 12th, 2020
- Internet of Things (IoT) Security Market Size, Regional Outlook, Competitive Strategies and Forecast by 2026 - The Daily Chronicle - September 12th, 2020
- Internet of Things Security Market, Share, Growth, Trends And Forecast To 2027: Dataintelo - Scientect - September 12th, 2020
- Kaspersky: 37% of internet users in SEA think they won't be targeted by cybercriminals - SoyaCincau.com - September 12th, 2020
- TikTok and WeChat may raise security concerns, but Trump's knee-jerk reaction isn't the way to deal with them - NewsChannel 3-12 - KEYT - September 12th, 2020
- Helping companies prioritize their cybersecurity investments - MIT News - September 6th, 2020
- Rapid7 NICER - starting a conversation on internet security | Company Report - FinTech Magazine - The FinTech & InsurTech Platform - September 6th, 2020
- Kansans are getting letters saying they applied for unemployment. The problem? Some never did. - Pittsburg Morning Sun - September 6th, 2020
- Embedded Security For Internet Of Things Market 2025 Opportunities, Applications, Drivers, Limitations, Companies, Countries, & Forecast - Express... - September 6th, 2020
- Why should you use a VPN on your iPhone and Mac? - Cult of Mac - September 6th, 2020
- 'No longer safe in their classroom:' NHCS remote-learning session hacked, sexualized profanity used - Port City Daily - September 6th, 2020
- How Romania is Solving Technology and Poverty Disparities - Borgen Project - September 6th, 2020
- How government is delivering better election security - GCN.com - September 6th, 2020
- Internet of Things (IoT) Security Market Report: Regional Data Analysis By Production, Revenue, Price And Gross Margin - Kewaskum Statesman News... - September 6th, 2020