With the rising wave of Internet of Things (IoT) devices, businesses everywhere are faced yet with another challenge: to ensure an adequate security level while also continuously integrating new technologies. Industries such as healthcare, insurance and banking, retail and the list can go on, have already embraced smart machines and IP-enabled appliances in the workplace, but is this necessarily a good thing?
While IoT has already made itself comfortable in the corporate world, it is an issue that remains controversial and should be treated with caution. Thinking of the BYOD (Bring Your Own Device) trend, experts quickly realized that smart devices and other IoT parts create a grave threat to a company’s security level. The truth is that the extra productivity and cost savings an enterprise gets out of this whole deal is proportional with the increasing number of network vulnerabilities that can be exploited via unsecured endpoints. Read our previous article on endpoint security here.
The Internet of Things or the Internet of Threats?
You may tell yourself that not all IoT devices can be threatening to the cyber well-being of your company. And that is where you are partially right. Indeed, not all of them are critical to your corporate security. There are some devices that can have a more damaging impact than others. Take for instance, a Windows 7, 8 or 10 workstation where the user frequently deferres updates and patches. When you expose such a device to the network, you basically offer hackers your data on a silver platter. Security best practices in a digitalized work environment are crucial to combat the double-edged sword effect of IoT and prevent it from becoming the dreaded Internet of Threats. At ITrust, our experts are continuously monitoring the state of the cyber-landscape and, as a result, act as security ambassadors in their pursuit of creating mass awareness. For more tips on how to acquire the most effective cyber-routine, you can consult the 10 most encountered security breaches here.
If you’re still not convinced of the risk businesses are taking when enabling large-scale remote controlling of their network assets, perhaps you would like to know that Gartner estimates the number of connected devices in business sectors to reach the order of billions by 2020 (20.8 billion, to be exact). On top of that, add the fact that most of these devices will not be secured by default, for the simple reason that their creators did not perceive security as a primary consumer need to begin with. This is the reason why scenarios such as hackers disabling the air traffic control center of an airport are becoming more and more plausible.
Hackers can do more damage now than ever before
The more internet-enabled machines we own, the easier it is for third-party devices to override our control of them. This year only we were able to witness hospitals being overthrown by ransomware (read our ‘How to avoid being in a data hostage situation’ article here), crippled not only financially, but also operationally. Imagine being a nurse in the Hollywood Presbyterian Medical Center and not being able to access your patient data because someone else clicked on an infected email attachment and now the malware it was carrying has taken over the entire network. Or even worse, imagine being the patient.
The evolved world provides use with numerous convenient advantages. We can synchronize all our devices, bring our own laptop to work or, vice-versa, bring our work computer home. Unfortunately, it also provides hackers with new opportunities to take advantage of the increasingly digitized and connected manner businesses are conducted in. Just this week, the FBI issued a warning to all smart car drivers that automated vehicle hacking is a very real risk.
What is left to be done?
One thing is for sure: if done right, IoT will completely revolutionize our way of living and, implicitly, our way of working. Despite the underlying risks, if businesses were to understand the need for advanced security analytics, the Pandora’s box of the digital era could remain closed forever. Organizations need to shift their focus on real-time detection of advanced threats and acquire full visibility where their security level is concerned.
Reveelium is a solution developed by ITrust with the aim of bridging the intelligence gap that antiviruses are confronted with and preventing IoT from wreaking havoc in the business environment. It can identify the symptoms of all malicious behaviors through its automated anomaly detection system, built as a multi-dimensional technology comprising: a weak signal detection engine, the result of extensive research into mathematical algorithms (1); a correlation engine, based on the experience of system engineers and security consultants (2); a global knowledge base, Reveelium’s experience repository which collects, abstracts and shares the behaviors identified across Reveelium users (3).