HOME
NEWS

IoT: Internet of Things - or Internet of Threats?


By VARINDIA - 2016-12-02
IoT: Internet of Things - or Internet of Threats?

 

 

 

The Internet of Things includes a vast and ever-growing array of networked devices-including smart meters used by utilities, medical devices for monitoring patients’ conditions and delivering care, as well as to sensors that do everything from supporting public safety to automating manufacturing processes. When it comes to security and the IoT, Radware sees a two-part dilemma.

 

The first part: mitigating the risk of vulnerabilities created or compounded by networked devices. Organizations must consider the possibility of a huge increase in unknown vulnerabilities at the device level, as most lack antivirus or advanced endpoint and threat detection capabilities. While sensors and other IoT devices can fuel exponential improvements in speed, accuracy and efficiency of information collection, they also can make a business vulnerable to intrusions and attacks. Even a company’s network carrier can be affected if attackers use IoT devices to generate massive spikes in network traffic.

 

The other side of the IoT security dilemma is being protected from devices-that is, addressing the risk of the “things” themselves becoming vehicles for an attack. For example, in the past utility customers may have worried that a meter reader would forget to close a back gate, leaving the house unsecure. These days, they want assurance that they’re not letting a nefarious robot into their homes-putting data privacy and personal safety in jeopardy. On a broader scale, hackers could potentially take control of thousands of smart meters, wreaking havoc on the electrical grid.

 

Healthcare is another area where vulnerabilities could be devastating. Imagine a patient receiving an email that threatens to alter his or her pacemaker’s performance unlessa ransom payment is made. It may sound far-fetched; but healthcare has become a frequent target. Already, numerousattacks have blocked hospitals’ and other providers’ accessto their own data. Networked medical devices provide another potential avenue for such schemes.

 

Mitigating the threat of 'things'

 

Regardless of an organization’s interests around the IoT, the time has arrived to start taking proactive steps to ensure security. In the end, the full vision of the IoT may or may notcome to pass, or it may take longer than some predict. Whatis undeniable is that connectivity is exploding. While most people may be unaware of how the IoT functions, they will expect it to be secure. Similarly, they will be largely cluelessto the potential impact they (and their new gadgets) haveon the threat landscape, and thus cannot be relied upon tomaintain security capabilities on these devices.

 

Leading Through Uncertainty                                                                                                                    

 

Best practices for security operations will always vary with business and technical dynamics. Even so, some common practices are becoming increasingly important in the face of the evolving threat landscape.

 

In analyzing the findings of the Executive Survey conducted by Radware in partnership with Merrill Research, the company identified insights into how well some are doing—and areas where executives may have opportunitiesto understand and close security gaps.

 

Practice #1: Perform greater screening on inbound and outbound data                                                                 

 

In the open-ended responses, one executive mentioned future plans to increase screening on the traffic entering and leaving the organization’s network. Such screening represents a significant gap for many organizations-and it’s becoming increasingly important to address it. Radware has witnessed an increase in SSL/encryption, making inbound attacks more challenging to detect. Meanwhile, outbound traffic, especially when it’s encrypted, is often not inspected.

 

Recommendation: Ensure that network/perimeter protections can inspect encryptedtraffic without scale issues. Implement outbound traffic inspection capabilities.

 

Practice #2: When it comes to security, know what you’re spending and why

 

Radware’s study revealed an interesting paradox: A majority of respondents (82%) indicated thatCybersecurity is a CEO- or board-level issue. Yet in both the U.S. and the U.K., more than half of executives did not know how much money or time their company has spent on security-from fighting cyber-attacks to implementing safeguards against hackers. Cyber security is simply too important, and poses too much risk, for that lack of executive awareness.

 

Recommendation: An organization’s board and C-suite should assign ownership to ensure transparency

 

on current threats, protection strategy and where/how resources are being used.

 

Practice #3: When facing a ransom demand, tread carefully

 

With ransom attacks on the rise, the survey uncovered another paradox. Eighty-four percent said if they were approached by cyber thieves, they wouldn’t pay the ransom. Yet among those who were actually attacked, 54% said they did pay. Giving in to cyber thieves can be risky, as paying ransom may not stop the attack and, in fact, might increase the odds of additional incidents.

 

Recommendation: Flip the economic equation-investing resources into network, endpoint and

 

application security rather than “donating” money to criminals.

 

Practice #4: Consider using hackers to test your security

 

The Executive Survey shows increased willingness to use hackers, and with good reason. Hackers brings unique experience and insight as companies work to keep pace with changes to threat landscape and with the latest tactics, techniques and procedures.

 

Recommendation: At a minimum, conduct penetration testing and explore opportunities to engage white hat hackers to make the testing more realistic-and effective.

 

Practice #5: Automate security.

 

As the threat landscape becomes increasingly automated, protections need to be, too. Interestingly, in the Executive Survey, 40% say they have had automation in place for two or more years. That finding contradicts input from the Security Industry Survey, in which respondents told us their organization’s security is 80% manual. What this suggests is that executives may underestimate the extent to which certain security protections are still manual. That may include manual signature development for new attacks, as well as policy generation and vulnerability scanning/patching on applications.

Recommendation:

Recommendation: True automation comes from enabling technology to initiate protections-not feeding data into a Security Information & Event Management (SIEM) system so that a human can make a decision. Explore multi-vectorcoverage through coordination of security components.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA