Governments, utilities and businesses from every sector are embracing the possibilities of the Internet of Things (IoT). This interconnected environment promises safer public parks, more efficient factories, better healthcare – imagination seems to be the only limit when it comes to applying the IoT to today’s needs.
However, for the positive action of all these improvements to work and life, there is at least an equal negative reaction. Gartner analysts recently revealed that by 2020, firms will have increased annual security budgets by 20 percent (up from less than one percent in 2015) in order to address security compromises in the IoT. Even more disturbing is that Gartner expects that a black market exceeding $5 billion will exist to sell fake sensor and video data for enabling criminal activity by 2020.
The speed at which connected devices are entering organizations is dizzying. From security cameras to smart TVs, wearables to point-of-sale systems and copy machines to the employee refrigerator are coming into the corporate environment today, creating pin holes across the enterprise security landscape. It is clear that the malicious intent of hackers has not only increased, but it has become more creative. The reality is that the IoT is changing everything, especially cyber security, and without the proper tools, it is nearly impossible to know what is connecting to your network.
The way that cybercriminals operate is shifting in response to the advancement of the IoT. What used to be an individual hacker or two looking to make a buck or wreak havoc on a particular network has turned into a more distributed and better-organized crime fabric.
Though smart devices have many benefits, greater efficiency among them, they may soon create more of a negative impact than a positive one. By using connected devices that are agentless, malicious actors are able to gain access to corporate networks and may not be discovered until after an attack.
It’s not just IoT devices; now IoT vendors join the already-complex world of corporate suppliers. CISOs now must extend their security monitoring policies and procedures to incorporate every supplier and vendor in the supply chain, no matter how benign their products might seem to network security.
This is not just worst-case-scenario thinking; it’s happened. Recently, a major carrier suffered a breach when hackers posted 300,000 customer records online. Imagine the look on the CEO’s face when he learned that the data was stolen from a third-party marketing firm involved in the carrier’s supply chain. Smart CISOs and CIOs must look to implement vendor risk management processes as part of their own operational security reviews before they find themselves facing an angry board of directors who are looking for answers as to how the latest breach occurred.
With such a massive proliferation of endpoints, security, availability and compliance have become inextricably intertwined. More importantly, if you can’t see it, you can’t protect it, so before proceeding, be sure you know what is connecting to your network. Here are five recommendations to manage the corporate IoT environment.
1. Get more accurate correlation. Use real-time network topology monitoring and best practices to improve correlation accuracy. Best-of-breed solutions incorporate rich analytics collection and cross-correlation along with third party big data analytics tools to help network and security operations personnel apply methods that are faster and more accurate. If you can’t measure it, you can’t fix it.
2. Step up your cross-correlation. It’s no longer good enough to simply monitor your network.;