While the Internet of Things (IoT) is propelling companies into the digital revolution, like anything else, it comes with its security concerns. Several experts talk to us about the security issues it could pose and how to secure network infrastructure to prepare for potential attacks.
Software intelligence company Dynatrace has announced the findings of an independent global survey of 800 CIOs, which reveals that 74% of IT leaders are concerned that Internet of Things (IoT) performance problems could directly impact business operations and significantly damage revenues. This is mostly because 78% of CIOs said there is a risk that their organisation will roll out IoT strategies without having a plan or solution in place to manage the performance of the complex cloud ecosystems that underpin IoT rollouts. In fact, 69% of CIOs predicted that IoT will become a major performance management burden as they struggle to overcome the escalating complexity of their modern enterprise cloud environments.
“Businesses across every industry are eagerly exploring IoT’s potential to engage new markets, drive new revenue and create stronger competitive advantage,” said Dave Anderson, Digital Performance Expert at Dynatrace. “However, IoT ecosystems and delivery chains are intricate and boundless, which creates unprecedented frequency of change, size and complexity in the cloud environments on which they are built. Enterprises are already struggling to master cloud complexity and now IoT substantially magnifies this challenge.”
“Platform-specific tools and do-it-yourself solutions aren’t built for web-scale, highly dynamic, complex cloud environments – they leave you cobbling together a mix of solutions which will never add up to a sophisticated platform that gives you a complete view of your environment and automated way of making sense of everything in real-time,” added Anderson.
“Organisations need a new approach that works at scale and simplifies IoT cloud complexity; a software intelligence platform that uses AI and automation to provide full operational insights into vast ecosystems of IoT sensors, devices, gateways, applications and underlying infrastructure. With answers at their fingertips, rather than just more data on glass, organisations will be poised to enjoy the benefit from all that IoT technologies have to offer.”
Chad Mercer, VP of Information Assurance for Rajant Corporation, elaborated on the issue of operating IoT within the workplace: “IoT is no longer just a concept – it is taking us through the biggest Digital Transformation any generation has ever seen. Companies are battling it out to offer devices with the most impact and researchers at HP predict that there will be 1 trillion connected devices by 2025.
“As IoT’s progress shows no signs of slowing down, there are rising privacy and security concerns. The inherent nature of IoT devices – every single bit of data that’s captured through the connected devices is stored and utilised for future purposes – means protocols and IoT security standards must be in place.
“IoT visibility – or lack of – can create a blind spot for organisations which could be exploited for exfiltration of data which often holds critical business information. Enterprise IT managers need to be made aware as and when new devices are added to a network and where they are located to avoid potential breaches in the future.
“Often, devices are connected via Wi-Fi. While this may be efficient for a short-term connection, operators often experience a three to five second disconnect as devices move between access points. Long term, this slight break in transmission can lead to essential data being lost or interrupted – exposing it to possible security incidents. Security needs to be both usable and secure for enterprises. IT managers will have to move towards utilising strong high-speed data links which can be both scaled up and flexible to deliver secure data transmissions in the bandwidth and the latency enterprises require to carry out day-to-day operations.
“Security shouldn’t be a barrier to IoT deployment. Companies need to familiarise themselves with the two main security apprehensions: protecting the data when an attack does threaten the devices and having a prevention programme in place to find potential threats before they happen. IoT can bring extraordinary capabilities and improved efficiency, but organisations must take steps to protect themselves.”
Martin Thorpe, Enterprise Architect at Venafi, contributed: “IoT devices are rarely built with more than basic connectivity in mind. As a result, security takes a back seat and research has found that nearly 70% of IoT devices are known to be vulnerable to attack.
“Considering the number of machine identities that businesses deal with every day, trying to address the problem manually is simply not viable. Only machines can move at the required speed and so firms need to automate their machine identity protection. This means having tools which can discover every identity on the network, monitor them throughout their lifecycle and immediately revoke and replace them if there is a security threat. Without automation it’s a matter of when, not if, your IoT network falls victim to attack.”
Graeme Rowe, EMEA Marketing Director, Pindrop, commented: “As enterprises make voice-enabled devices more commonplace, a major security risk is developing for businesses. Recent research conducted by Pindrop into what we term the ‘Conversational Economy’, discovered that within the next 12 months, 85% of companies will implement voice-enabled devices; however, only 20% of IT Directors understand how to protect the data acquired through this technology. As fraudsters make use of smart devices as a new attack vector – using voice spoofing or voice manipulation techniques to work their way past existing security measures – enterprises must ensure they have the multi-layered protection in place to mitigate against attacks. A failure to do so will result in significantly reduced customer trust and hefty fines.
“The problem with existing voice biometric authentication services is that they don’t have the level of sophistication to detect fraudsters and effectively authenticate customers. This leaves enterprises and consumers alike exposed to sophisticated hacking measures like voice synthesis. Without a Machine Learning-based biometric solution in place that is robust enough to analyse, for example, voice ageing, voice spoofing and background noise, legitimate customers may find themselves locked out of their accounts, while fraudsters will be able to engineer their way inside. Businesses must start preparing themselves for the voice-led revolution that is to follow.”
Karl Lankford, Lead Solutions Engineer, Bomgar, elaborates: “With IoT, enterprises must consider every device that could ever feasibly reach their assets. And every one of these new connected devices and systems has an administrative back door that represents a risk. In the past, enterprises dealt with these administrative controls through manual processes. The new reality of IoT means the only way to properly secure administrative access to all systems is through automated solutions that can handle massive scale in ways that manpower cannot.
“As technology advances, it’s imperative that enterprises do not jump on new technologies as they will inevitably contain security vulnerabilities that enterprises may not be able to immediately upgrade equipment for. Enterprises can often find themselves on a back foot as these systems are often unable to be patched effectively, leading to new widespread threats from malicious actors and security vulnerabilities.
“Historically, organisations addressed this issue by creating an ‘air gap’, ensuring systems weren’t connected to Internet systems in any way. While this was effective previously, today’s organisations need to keep pace with more connected environments and take advantage of IoT technologies throughout their operations. However, layering new IoT solutions on top of legacy systems or removing the air gap and connecting modern networks to the wider enterprise and third parties opens up vulnerabilities and new pathways for attacks, with threat actors increasingly targeting employees in order to obtain privileged credentials.
“To mitigate this threat, enterprises can implement privileged identity and access management tools. This enables them to secure their privileged credentials, implement granular access controls for both third-party and internal users and provide an auditable history of what was accessed during any session. This not only secures access to networks and IoT devices, but also empowers IT teams to report quickly and efficiently on any potential untoward behaviour they find on the network.”