Cybersecurity sometimes feels like a game of cat and mouse—new technologies and even familiar hacker capabilities are constantly testing protections, and requiring the security sector to put out and prevent potentially destructive attacks.
Today, we’ll look at three of the top issues in cybersecurity that the C-Suite is talking about right now, and suggest some ways you can prepare.
The Internet of Things
The Internet of Things (IoT) is a system of connected devices that can communicate without human interaction. The devices range from phones and computers to refrigerators and cars to implanted heart monitors. The IoT makes it possible for smartphones to communicate with home thermostats, or a heart monitor to send an emergency message to the paramedics.
We caught up with Michael Beesley, CTO of Skyport Systems, to get his take on IoT, who says it also “facilitates the application of artificial intelligence (AI) to many business models, elevates levels of customer service in terms of timeliness, and it has an ability to be predictive with regards to supporting products and solutions (as opposed to reactive).
While the IoT holds endless potential for making life more convenient and business more productive, it also comes with risks. So many constantly connected devices means many opportunities exist for those with malicious intent to take advantage of vulnerabilities.
To work, IoT devices are always gathering and using data—data that’s important to users and businesses, and potentially marketable for hackers. Because the IoT concept is still relatively young, security isn’t always able to keep pace.
In September of 2016, hackers used security cameras and recorders to launch internet attacks on more than one million connected devices. Among those attacked were hosting and technology companies.
According to reporting from the Wall Street Journal (WSJ), the hackers used Chinese-made video recorders and cameras to knock the targets offline and then flood the sites with data, which caused them to crash.
We expect to see an exponential increase in the number of smart, IoT-enabled devices deployed and connected over the Internet, creating vast amounts of valuable data. In fact, Gartner predicts the world will have 11.4 billion connected IoT devices by 2018. That’s a lot of chances for glitches and security flaws.
If we are going to avoid future security disasters with regard to IoT, we need to take the security posture of these devices seriously—and need to factor in secure development practices and security-oriented testing into their development.
Enterprises can address the security risks of IoT technology by maintaining security as a core requirement of the solution, by explicitly testing for it and by insisting that their IoT vendors have security as a top priority throughout their continuous development and testing processes.
Some takeaways for enterprises, says Beesley:
- Ensure the IoT fabric itself is secure, especially as IoT is applied to critical infrastructure and physical systems such as transportation, power generation, industrial manufacturing and so forth
- Ensure that the data collected from IoT systems remains secure
- Ensure that IoT deployments are secure to the point that they can not be owned and leveraged against a third-party target
- Educate yourself on the security risks, and ask specific questions of the vendor with regard to their secure coding methodology, their security testing processes, their third-party certification program for their technology and a detailed risk assessment of their solution
Countless businesses and individuals have transferred their activity to the cloud. With Software as a Service (SaaS) cloud computing, companies can manage everything from email to billing in the cloud.
It’s not just companies getting in on cloud computing, either; the federal government embraces cloud technology, too. And while there’s a high level of confidence in the government’s cloud security, the technology is still young enough that absolute certainty isn’t possible.
As more and more companies eagerly move to the cloud, the security piece is still complicated. Some companies have closed every data center to move into the cloud only to find out some time later that there’s way too much sensitive data to take off premise.
The primary concerns about security and the cloud today relate to users bypassing security policies and setting up their own accounts, opening organizations to a number of threats like data breaches, compromised credentials and much, much more.
For many reasons, the private cloud is gaining momentum, and with it comes a whole hosts of issues that businesses are working through when thinking about the private versus public cloud. As we move into the new year, we’re hopeful that many of the current challenges will start to be solved.
As more and more businesses head to the cloud—public or private—the lack of cybersecurity skills becomes more obvious.
According to Enterprise Strategy Group (ESG), 46 percent of organizations feel they have a problematic shortage of cybersecurity skills. This is significantly more organizations than were previously concerned (28 percent), and suggests that cybersecurity efforts are going to have a hard time meeting demand.
To combat the skill shortage when it comes to the cloud, one of the ESG experts from the report suggests the following precautions:
- Ensure your workloads in the cloud are visible to chief information security officers (CISOs)
- Add strong controls everywhere you can
- Investigate security solutions that are designed for the cloud
- Train the team on cloud security as soon as you can
Piggybacking on the ideas of devices communicating and deficits in cybersecurity is artificial intelligence (AI). AI can simulate human intelligence for things like learning, reasoning and correcting.
So when it comes to threats and security in the context of cyber, AI is currently acting as a security measure against human hackers, and it’s an exciting time.
AI can pick up on small clues to hacker activity that other monitors might miss for months. Of course, as long as humans are programming AI, other humans will likely find a way to get around it.
But, what is it about AI that itself could become a threat? Take, for example, malware that initially only disabled computers or networks could self-organize to disable equipment in retail or healthcare, bringing down an entire organization’s most important functions.
Another potential threat of AI is that it convincingly mimics human tone and writing style, even at the level of journalistic articles. This could lead to a more sophisticated version of scammers that mimic company employees and ask for money transfers.
Perhaps more threatening is the AI that works quietly over time. The Business Insider article (linked above) talks about malware that gets in and messes with business strategy, impacting decisions and taking down organizations without any obvious catastrophe.
The IoT, the cloud and AI are all incredibly fascinating issues right now, and likely to be more powerful than we yet realize. Cybersecurity certainly has its work cut out for it in the coming year, but when it comes to business and national safety, we must lead the charge.
Visit Skyport Systems at the RSA Conference February 13 to 17 in San Francisco, Calif. at the Moscone Center, North Expo booth #3941. Confirm a time to meet with us at RSA and see how we can partner to secure your most critical applications.