| |||||||||
| |||||||||
Current Filter: Security>>>>>Feature> Land of opportunity - and potential catastrophe Editorial Type: Industry Focus Date: 03-2016 Views: 1973 Key Topics: Security The Intenet of Things (IoT) Key Companies: The Internet of Things Security Foundation WinMagic Key Products: Key Industries: | |||
| The massive benefits that IOT can deliver in what has now become a hyper-connected society must be set against the countless risks posed each day by Cyberattacks The increasing prevalence of the Internet of Things (IoT) in modern society presents significant opportunities for individuals, companies and states to have more control over their technology, and greater access to information, than ever before. Yet the approach to safeguarding against the threat of cybersecurity is lagging behind the rate of development, according to a new report, 'Scope, scale and risk like never before: Securing the Internet of Things' released by Telefónica, one of the largest telecommunications companies in the world. Developed by Telefónica's cybersecurity and IoT divisions, in association with a range of partner organisations operating in the field of cybersecurity, the report advocates building consistent standards and regulations, allied with greater trust between developers and operators, promoting universal understanding of cybersecurity to create a robust defence against ever-present threats. Comments John Moor, director of The Internet of Things Security Foundation: "There's lots of focus on the innovation opportunities around IoT. However, there has been relatively little on its dark underbelly to date. If we are not careful, we could be sleepwalking into a lot of problems - some of which may not have been seen before."
DIGITAL INVASION "Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT," Alonso concludes. "Let's understand the problem before it's too late and guarantee we are able to offer a complete protection plan, taking advantage of all the knowledge that has been developed for other scopes. The future of IoT is unwritten, but only through collaboration and insight can we achieve a secure foundation."
LIMITED PROTECTION "The lack of inherent security on many IoT devices throws up major privacy, as well as network security, issues. Not only are digital assets, resources and users potentially at risk, but, as we demonstrated when our team recently hacked a low-cost D-Link WiFi web camera, turning it into a permanent back door into the network, hackers could sit on that network and gather traffic for a prolonged period of time without anyone knowing. Or they might use the device as a means to orchestrate more developed internal attacks to destroy, modify or steal useful data," he states. IoT opens the door to many new, innovative ways to create value and services over the internet, he acknowledges. "At the same time, IoT also exponentially increases an organisation's attack surface. This is why organisations that embrace the IoT need to supplement traditional security with behaviour-based models of threat detection. It's fast becoming the best way to detect an active threat or attack regardless of the type of device involved. "Using behaviour-based analysis, if any of these IoT devices begin scanning the network, spreading malware or creating covert connections out to hacker sites to funnel data, that activity immediately generates alerts," advises Walmsley. "Behaviour-based threat detection can deliver automated network-wide security management, without the limitations of threat databases. Signatures can only spot what they already know about and no defence is ever full proof. Only by focusing on observed behaviours, both within and outside of the network, can organisations spot the in-progress attacks that gain a foothold of IoT devices before they escalate, expand and cause damage and disruption."
IOT ATTACK VECTORS From a business point of view, the biggest problem with IoT security today is that security standards vary widely depending on device manufacturer and operating system (OS), he points out. "Until there is industry recognition of the dangers of IoT and accepted universal standards on these devices, IoT security will continue to be a real and ongoing danger for businesses. The good news is that the Internet of Things is in its relative infancy and, historically speaking, all new technology is initially weak on security as the industry assesses functionality and vulnerability limits before standards evolve.
"In the absence of industry standards, there are some steps that can be taken to ensure that a device is more secure. For example, IT teams should consider whether the device offers two-factor authentication and assess the level of authentication against rogue third party devices attempting to access the device. Application-aware intelligent key management will also play an increasingly vital role, as more and more encrypted devices connect to the company network; enabling true single sign-on capabilities for virtually all encryption and authentication services," Welfare adds.
Page 1 2 | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |