BYOD Passwords Hacking Cloud Compliance Reviews Privacy

Current Filter: Security>>>>>Feature>

PREVIOUS

Filtered Articles:1 of 92   Current Article ID:6497

NEXT



Land of opportunity - and potential catastrophe

Editorial Type: Industry Focus     Date: 03-2016    Views: 1973      









The massive benefits that IOT can deliver in what has now become a hyper-connected society must be set against the countless risks posed each day by Cyberattacks

The increasing prevalence of the Internet of Things (IoT) in modern society presents significant opportunities for individuals, companies and states to have more control over their technology, and greater access to information, than ever before. Yet the approach to safeguarding against the threat of cybersecurity is lagging behind the rate of development, according to a new report, 'Scope, scale and risk like never before: Securing the Internet of Things' released by Telefónica, one of the largest telecommunications companies in the world.

Developed by Telefónica's cybersecurity and IoT divisions, in association with a range of partner organisations operating in the field of cybersecurity, the report advocates building consistent standards and regulations, allied with greater trust between developers and operators, promoting universal understanding of cybersecurity to create a robust defence against ever-present threats.

Comments John Moor, director of The Internet of Things Security Foundation: "There's lots of focus on the innovation opportunities around IoT. However, there has been relatively little on its dark underbelly to date. If we are not careful, we could be sleepwalking into a lot of problems - some of which may not have been seen before."

DIGITAL INVASION
"It's not just about the privacy of our own data or the security of our digital identities," says Chema Alonso, CEO of ElevenPaths, Telefónica's cybersecurity unit. "In the next few years, our lives will be surrounded by devices connected to the Internet that will digitalise every step we take, convert our daily activities into information, distribute any interaction throughout the network and interact with us according to this information.

"Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT," Alonso concludes. "Let's understand the problem before it's too late and guarantee we are able to offer a complete protection plan, taking advantage of all the knowledge that has been developed for other scopes. The future of IoT is unwritten, but only through collaboration and insight can we achieve a secure foundation."

LIMITED PROTECTION
It is important to realise that, while it is possible to acquire a mix of security products to protect desktop computers, laptops, and smartphones, such technologies do not exist to protect the vast majority of other devices people are adding to their networks. That is the view of Matt Walmsley, EMEA director, Vectra Networks. "The whole realm of IoT security is in its infancy and, as a consequence, currently exposed to a rapidly expanding number of threats that cannot yet be efficiently mitigated," he points out.

"The lack of inherent security on many IoT devices throws up major privacy, as well as network security, issues. Not only are digital assets, resources and users potentially at risk, but, as we demonstrated when our team recently hacked a low-cost D-Link WiFi web camera, turning it into a permanent back door into the network, hackers could sit on that network and gather traffic for a prolonged period of time without anyone knowing. Or they might use the device as a means to orchestrate more developed internal attacks to destroy, modify or steal useful data," he states.

IoT opens the door to many new, innovative ways to create value and services over the internet, he acknowledges. "At the same time, IoT also exponentially increases an organisation's attack surface. This is why organisations that embrace the IoT need to supplement traditional security with behaviour-based models of threat detection. It's fast becoming the best way to detect an active threat or attack regardless of the type of device involved.

"Using behaviour-based analysis, if any of these IoT devices begin scanning the network, spreading malware or creating covert connections out to hacker sites to funnel data, that activity immediately generates alerts," advises Walmsley. "Behaviour-based threat detection can deliver automated network-wide security management, without the limitations of threat databases. Signatures can only spot what they already know about and no defence is ever full proof. Only by focusing on observed behaviours, both within and outside of the network, can organisations spot the in-progress attacks that gain a foothold of IoT devices before they escalate, expand and cause damage and disruption."

IOT ATTACK VECTORS
Darin Welfare, EMEA VP, WinMagic, points to recent breaches, such as the Jeep and Samsung TV hacks, as prime examples of the current limitations presented by connected devices. "Whilst offering considerable advantages for employees, IoT also presents hackers with additional attack vectors from which to target organisations, meaning a business' security system will only be as strong as the security of its connected devices."

From a business point of view, the biggest problem with IoT security today is that security standards vary widely depending on device manufacturer and operating system (OS), he points out. "Until there is industry recognition of the dangers of IoT and accepted universal standards on these devices, IoT security will continue to be a real and ongoing danger for businesses. The good news is that the Internet of Things is in its relative infancy and, historically speaking, all new technology is initially weak on security as the industry assesses functionality and vulnerability limits before standards evolve.

"In the absence of industry standards, there are some steps that can be taken to ensure that a device is more secure. For example, IT teams should consider whether the device offers two-factor authentication and assess the level of authentication against rogue third party devices attempting to access the device. Application-aware intelligent key management will also play an increasingly vital role, as more and more encrypted devices connect to the company network; enabling true single sign-on capabilities for virtually all encryption and authentication services," Welfare adds.

Page   1  2

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT