FEATURE
tools onto IoT devices and you can
begin to appreciate just how hard it
is for security teams to secure their
organisation’s IoT deployments using
traditional approaches.
Why do enterprises need to care
about IoT risks?
SCOTT
SCOTT GORDON,
GORDON, (CISSP)
(CISSP) CMO,
CMO,
PULSE
PULSE SECURE
SECURE
To put it simply – enterprises need to
care about IoT risks because they need
to care about security risks. IoT devices
are widely known to be replete with
vulnerabilities and are often leveraged
as the weakest link in an otherwise
secure network.
Despite a slow start,
IoT regulation is
being drafted around
the world and the
non-compliant will
not fare well when it
finally hits.
they weave their way closer to the heart
of our IT systems, they become ever
more capable of being the weak link in
an otherwise secure ecosystem.
Much of IoT’s insecurity stems from
careless and rushed development on
the part of manufacturers. They are
not designed with security in mind and
software updates are sparse. Enterprises
need to recognise that fact if they don’t
want to fall prey to IoT manufacturers’
bad choices. The British government
has recently announced an IoT security
certification scheme which informs
potential buyers as to the security of
their potential purchases.
MATT WALMSLEY, HEAD OF EMEA
MARKETING AT VECTRA
There are as many potential attacks as
there are IoT devices – they could range
from a hacked fridge, to connected
insulin pumps that could harm or kill
patients. These aren’t ‘what ifs’ either but
have been seen in the wild frequently.
A great example is a recent casino hack:
attackers accessed the network through
a connected aquarium thermometer
and actually stole customer data. Even
if enterprises don’t particularly care,
regulators do. Despite a slow start, IoT
regulation is being drafted around the
world and the non-compliant will not fare
well when it finally hits.
IoT is leveraged to stay competitive
amidst the Digital Transformation.
Indeed, its potential is tremendously
exciting for enterprises. But as we rely
more and more on such devices and
38
Organisations must acknowledge that,
to reap the benefits of the IoT, they must
accept and manage the associated
security risk. IoT is bringing more
devices onto the network than ever, but
these devices very rarely get patches or
updates. This means that vulnerabilities
can be left unaddressed for months or
even years and this lack of security-
hardness leaves them vulnerable to
attack and exploitation.
Without the ability to run client-based end-
point security solutions – and unprotected
by legacy signature-based defences –
these devices are ripe to be breached.
Take the example of the Mirai IoT botnet
that surreptitiously took control of hordes
of IP cameras and used them to enact a
DDOS attack that brought down Amazon,
Spotify, Twitter and other websites.
What is the best way to ensure a
robust defence against attacks
via IoT?
MATT WALMSLEY, HEAD OF EMEA
MARKETING AT VECTRA
It’s no easy feat to secure every single
device from outside attack but there
are measures organisations can take
to protect themselves. The emphasis
must shift from threat prevention to
threat detection – where network traffic
is constantly tracked and monitored for
suspicious activity.
Machine Learning and Artificial
Intelligence have an important part
to play here and can accelerate and
increase the accuracy of security
Issue 18
|
www.intelligentciso.com