Technology has advanced by leaps and bounds over the decade, and so has the threat landscape. While the Internet of Things (IoT) opens a sea of opportunities, the other side of the coin carries security concerns.
Earl Perkins, research vice president at Gartner, shared his thoughts on how security leaders can develop new approaches to better protect their digital business against potential threats and breaches.
The pace of innovation has generated requirements for millions of devices, most network connected or wirelessly connected in some capacity.
Unfortunately, most of these devices have little or no protection at the software and infrastructure level.
In a 2015 report, cyber security service provider Symantec said it had secured 1 billion-plus IoT devices. It estimated that there would be 25 billion IoT devices by 2020.
Given the diversity of devices and environments in which they operate, there is no single standard for device-to-device authentication or how devices can securely link to cloud services.
Perkins recommends that the industry acknowledge IoT’s pervasive presence and adopt new strategies that consider the digital world.
The rise of the IoT brings varied approaches to device function – some devices may be built only to deliver information by the second, while others act as a static store for information until something is triggered.
Finally, security and risk decision-makers must look at data flow in IoT networks to understand how, when and where to secure data.
Data in IoT networks tends to be constantly changing, even if it’s stored. When making key decisions to protect data via encryption, network segmentation, or even monitoring and detection, data flow remains a key differentiating characteristic that may require new approaches in digital security.
Independent information security body Information Security Forum has warned that IoT will bring unmanageable security risks.
According to Perkins, the biggest challenge security leaders face is shifting their perception of how to manage and assess risk.
He pointed out that security managers are accustomed to taking a calculated risk on how to mitigate threats in their organization, but the rise of IoT introduces new variables to the risk formula.
“As a whole, the industry will need to acknowledge IoT’s pervasive presence and adopt new strategies that consider our digital world,” Perkins says.
Perkins also spoke about recent security breaches and pointed out the takeaway lessons from them.
He says security leaders need to establish at least the basic security model that addresses prevention, detection, response and prediction concerns in an adaptive security framework.
In the past, the only devices a DDoS hacker would likely use were PCs, servers and perhaps mobile devices.
However, the recent Dyn DDoS attack was record-breaking in several ways, including the sheer volume of “noise” generated by devices, IoT devices among them, which affected not only enterprise users but also consumers.
Technology research firm TBR says the DDoS attack that occurred on October 21, 2016, underscores the need for increased investment in security.
According to an IHS Markit report released in July 2016, DDoS mitigation product revenue is projected to reach $925 million by 2020. The research firm said the number of DDoS attacks is skyrocketing.
Organizations with a minimal security foundation would be better prepared in prevention, detection, response and prediction to address such an attack.