Security risk of things
The internet of things (IoT) has opened up new markets and business opportunities worldwide, but it has also brought with it an array of new and significant security threats.
“With the increasing deployment of IoT devices, by both the consumer and enterprise, the cyber criminal now has a much broader attack surface to take advantage of. This growing attack surface means that these networks are now more vulnerable than ever before,” says Derek Manky, global security strategist at Fortinet.
According to the latest forecasts, there will soon be tens of billions of connected devices in use worldwide, many of which are owned by businesses. The significance of this trend needs to be taken more seriously than is currently the case, says Mr Manky, who explains that most businesses are simply not properly protected against the threat of IoT security risks.
He is convinced that enterprises are generally less well protected against IoT-based threats than they believe they are, with Fortinet’s FortiGuard Labs estimating that some 500,000 hacking attempts are now being made every minute around the world.
“We speak to many vulnerable enterprises that are unaware of compromised or infected devices attached to their systems increasing the risk of a successful cyber attack and data breach,” he says.
Mr Manky makes clear that the number of new vulnerabilities being spotted continues to increase, as does the number of attacks being initiated on a global basis and the scope of settings in which hackers can have an impact.
“I’ve been with Fortinet for more than 12 years. In 2004, we recorded half a million viruses for the entire year. Today, we can record over two million new viruses in a single day and we monitor more than 50 billion potential threat events worldwide daily,” he says.
But without the means to assess the risks associated with having so many connected devices or the expertise to understand the exact nature of the threats being faced, what can businesses do to protect their networks?
Mr Manky points out that not every business can have a security analyst looking out for potential IoT vulnerabilities or problems in real time. From Fortinet’s perspective, the answer jointly lies with developments in artificial intelligence, and the need for integration between the network and its security infrastructure.
“We are also moving towards the creation of systems that defend against cyber attacks through an approach based on a combination of artificial intelligence and human input,” Mr Manky says.
“We’re already able to quarantine devices and view networks like a grid to spot potential problems automatically through ‘co-operative security’ and digital asset mapping.
We can record over two million new viruses in a single day and we monitor more than 50 billion potential threat events worldwide daily
“But without bringing in artificial intelligence processes there isn’t enough scope for these systems to scale in order to meet the needs of both small and medium-sized enterprises (SMEs) and larger businesses that don’t have an IoT security analyst on site.”
However, the first step in the process must be to ensure the underlying network has the fundamental security technologies in place to support IoT. Randomly or haphazardly implemented security will only complicate the task of securing the network when IoT is implemented.
“Fortinet’s technology vision, the Fortinet Security Fabric, lays out the blueprint for integrating the necessary technologies needed to meet these and other security challenges of today and in the future. Simply deploying security end-to-end is not enough,” says Mr Manky.
“These solutions must work together to form a cohesive fabric, spanning the entire network, linking different security sensors and tools together to collect, co-ordinate and respond to any potential threat.”
Mr Manky also explains that the lines between the cyber and physical realms are blurring because of the growth of IoT.
One market segment where the consequences of improperly implemented IoT are particularly relevant is healthcare, when the potential consequences of a successful hack can quickly become life threatening. Much the same can also be said in the context of connected vehicles and all manner of public services.
Mr Manky’s view is that enterprises ought to be focused on developing more robust strategies for protecting against threats associated with IoT and connected devices, and work with companies that can provide security services to assist them.
He also identifies the looming skills gaps as a significant challenge for enterprise security, with the growth of IoT only likely to bring the issue of a diminishing pool of qualified professionals into sharper focus in the coming years.
“Part of the challenge is the type of IT security jobs that are being created worldwide continues to change significantly as a result of developments like IoT and big data,” he says.
The growth of IoT is a scenario in which security vulnerabilities and risks to enterprise IT systems continue to proliferate. Indeed, what’s going on already is having a massive impact as far as the growth of new vulnerabilities and the relative lack of readiness to defend against them is concerned, he says.
As the threat landscape intensifies, only larger organisations will be able to establish relevant experts and security analysts in-house. For the rest of the market, and in particular SMEs, they simply won’t be able to afford it.
However, they can turn to the products and solutions that security experts such as Fortinet provide, as well as managed security services based on these solutions, to equip themselves properly in the fast-changing cyber-security battleground.
For more information please visit www.fortinetsecurityfabric.com