IoT3 – Internet of Things, Threats and Terrestrials
The Internet of Things (IoT1)
From smartphones to vehicles to medical devices to networked light bulbs and smart meters, connected devices have proved to be the instrument of change towards improved productivity and user experience over the past decade. The so-called Internet of Things could also be the single most disruptive force in people's lives since the introduction of machinery during the industrial revolution. Unlike the frame-breakers of the industrial revolution, however, people have embraced the Internet of Things; this is particularly true amongst the millennials, where a connected digital experience anywhere, anytime, is an expectation and directly influences their engagements with brands, products and services.
The Internet of Things, whilst undoubtedly providing tremendous opportunities, also presents new challenges, for both the consumers and the providers of products and services. The number of Internet-connected devices is expected to reach over 20 billion by 2020, with a 30% YoY increase between 2015 and 2016 according to Gartner. However, every connected ‘Thing’ could be a threat and present regulatory liabilities, cause reputational damage and affect the bottom line.
Internet of Threats (IoT2)
As the number of connected devices increases, so do attack vectors. Continued pressures from service users mean this will only increase. Clearly, simply securing the perimeter, i.e. preventing device access to a network, is no longer a viable option. This is further complicated by the rapidly moving technology landscape, for example, the adoption of cloud-based services. Modern networks will require more granular network controls, including segmentation as well as the classification of services and consumers. We are also observing greater reliance on informatics and real-time analytics of network traffic from all types of connected devices, to aid identification of unusual patterns and potential compromises, especially in highly regulated and sensitive network environments such as the banking sector.
However, no network can be completely secure – a network breach must be expected to occur at some point. The real question is whether, when that breach occurs, it can be detected, closed down and any damage remediated promptly to limit the organisation’s exposure to information loss, regulatory non-compliance and reputational impact. FireEye has shown that this ‘dwell time’, or the time between compromise and detection, averages 146 days globally, whilst in EMEA it is 469 days. The actual dwell time is dependent on the sophistication of the attack. Sophisticated network compromises may deploy Advanced Persistent Threats (APTs) to aid the progress of the attack, or instead, attackers may “live off the land”, a term coined by Dell SecureWorks’ Counter Threat Unit. However, both methods require active involvement by the attacker, the explicit goal being theft of an organisation’s business data and intellectual property. Connected devices with immature security implementations only widen the threat surface available to an attacker. However, many of these connected devices help to improve employee productivity, so they can be perceived as adding value to the organisation; this brings us to the IoT3, and the ultimate reason cybersecurity is required.
Internet of Terrestrials (IoT3)
The ultimate audience for Internet-connected devices is Terrestrials, whilst the technology merely assists. In 2014 and 2015, many cyber-security incidents were the result of unauthorised network and system accesses enhanced by APTs. These are highly targeted, often beginning with phishing campaigns that harness the wealth of publicly available social media information. Such attacks are particularly troublesome to defend against since users, often insiders, can legitimately access the network, increasingly via smartphones and tablets, and thus are difficult to protect against via traditional perimeter-based protections. Incidentally, in large organisations with sophisticated cyber defences, insiders are the root cause of over half of security breaches, based on research by IBM and PwC. In order to combat this, defenders need to adapt. Increasingly, organisations are adopting an active defence strategy with granular access control and continuous monitoring. This strategy will deploy the raw processing power of modern computing and analytics, in combination with the unrivalled creativity of the human brain, our final T, the Internet of Terrestrials. This approach has already been adopted by high-maturity cyber security environments for some of the world’s largest institutions. More organisations are likely to adopt this strategy in a rapidly evolving threat and regulatory landscape.
IoT3 and Beyond
This blog provides a discussion on how technology in the form of the Internet of Things, IoT1, provides the foundation for disruptive innovation. This has contributed to a highly dynamic threat landscape in the form of the Internet of Threats, IoT2. However, the ultimate actors – and users – are the Internet of Terrestrials, or IoT3. It is also the latter which will ultimately determine how readily companies will adopt innovation in a very exciting field.
Dr Wendy Ng, CISSP, CCNP; 4th December 2016