The ‘Internet of Things’ (IoT) phenomenon will significantly expose businesses and consumers to cyberattacks due to the growth and convergence of processes, smart devices and data, an industry expert said.
IoT is defined as the network of devices that contain embedded technology to sense or interact with their internal state or external environment.
Philippe Roggeband, business development manager of Cisco Security Architecture, believes that any smart and computing devices can be compromised and serve as a “backdoor for attackers” into the enterprise because they are embedded with operating systems that are often not designed with security as a primary consideration.
“As organisations continue to seek ways to capitalise on the vast opportunities that IoT brings, the number and type of attack vectors will only continue to expand,” he said on the sidelines of the third of Gulf Information Security Expo and Conference (GISEC) taking place at Dubai World Trade Centre until Tuesday.
He said that while IoT affords convenience to individuals and organisations, greater challenges await companies and those responsible for defending networks from cybercrimes.
According to research firm Gartner, the sum of all connected things is estimated to reach 25 billion by 2020, up from 4.9 billion this year — a huge 30 per cent increase from last year.
Roggeband said that there are three IOT categories — the traditional IT networks (printers, fax, laptops), industrial networks (programmable logic controller, substations) and consumer objects (fitness bands, connected fridges, smartwatches).
“The security issues are different for these three categories and the attack behaviours are going to be different,” he said.
He said the industrial control networks were not designed to be secured. They were designed to be “isolated”. These networks are very sensitive and “latency” (the time taken to exchange information from one terminal to another) cannot be introduced as it has to be run 24/7.
The general rule is as long as they are working they are not disturbed. The difficulty is in introducing “zero latency” security elements as the data needs to be synchronised across applications, processed and analysed in real time and made available to the authorities in no time.
The biggest nightmare is in the form of “consumer objects”.
Roggeband said the majority of connected objects run Android-based systems and the platform has the most malware in the ecosystem.
“The difficulty is how to build security into these objects. We see that security has to come from the network and it has to be Internet Protocol (IP) based, but the majority of the devices are running on Bluetooth. I don’t think any vendor has solutions for Bluetooth devices,” he said.
Currently, he said that cybercriminals use various methods to attack organisations and gain access to their networks. These include using malware, distributed denial-of-service and botnets to name a few.
Meanwhile, attacks on individuals range from identity theft, cyberstalking and hacking to the stealing of “valuable data, money or photographs”. The methods used could be malicious software from emails, website links and social media, phishing and password theft.
On the other hand, attacks on governments usually come from terror groups, other unfriendly nations or hacktivists who target government systems or military facilities to circulate propaganda.
Cisco believes that the present cyberthreats are stealthier than ever following last year’s widespread man-in-the-middle (MITM) attack on Apple’s iCloud system.
Any organisation using cloud-based applications and services is still vulnerable to cyberattacks, he said. To understand and protect against these incidents, organisations have been called on to mobilise all aspects of their cyberdefences to focus on the threat.
“Organisations must implement internal programmes to ensure users know how to recognise and avoid clicking on potential malware. Education is an essential component and when combined with visibility and control, it can help minimise cyberattacks and protect our networks,” Roggeband said.
