by Ross Baker
The Internet of Things (IoT) offers tremendous value to organisations, their customers and employees, driving business agility, productivity, cost reductions and much more. That’s why the total number of connected things is predicted to top 20 billion by 2020. Unfortunately, this IoT explosion also creates unique opportunities for cybercriminals. Of these, attacks which impact the physical world are arguably the most serious, potentially leading to costly service disruption and even loss of life.
That’s why we’ll be sharing some key best practice tips with attendees at Infosecurity Europe next month on how organisations can mitigate the risks of IoT-powered cyber-physical attacks.
IoT systems are creeping into every sphere of our lives. From connected cars and medical devices to smart factory systems, they’re working to make companies leaner, more productive and cost effective whilst streamlining the end-user experience. But threats are everywhere, not least because many devices have not been designed with security built-in.
Factory default passwords and buggy code are common today and security updates can be difficult to apply, if they’re released at all. Hackers have become adept at exploiting these flaws to hijack devices, using them to infiltrate corporate networks or join botnets to launch DDoS attacks and crypto-mining campaigns. In fact, a National Crime Agency report this week claimed that “Internet of Things devices represent the greatest emerging botnet threat.” Our own stats reveal over 45 million crypto-jacking “events” in 2017.
But a far more dangerous IoT threat is that posed by attacks designed to impact the physical world. In recent months, Trend Micro research has revealed vulnerabilities in connected cars, Intelligent Transportation Systems, connected hospitals, and even factory robots which could in the worst case scenarios put humans in physical danger.
A hijacked robot could easily harm its operator, while ITS infrastructure could be hacked to cause chaos on the roads, leading to possible traffic accidents. This raises the stakes for cybersecurity even higher than they were already. If you think your liability as an organisation is significant when it comes to protecting customer data, just imagine the implications of attacks which could imperil employees and consumers.
At Infosecurity Europe
So what’s the answer? Well, there’s certainly no silver bullet. In what’s claimed to be an industry first, the BSI this week announced a new kitemark for IoT devices which will help IT buyers source more reliable and secure products. There’s an “enhanced” kitemark for those looking for devices used in high risk environments. However, the IoT ecosystem is complex and multi-layered and therefore requires a mix of policy, architecture, regulation and technology to keep your organisation secure.
At the annual Infosecurity Europe show in London in early June, our VP of Infrastructure Strategies, Bill Malik, will be taking to the stage to explain more. Attendees will learn how to:
- Deploy effective, layered technological counter measures against IoT breaches
- Effectively align policy goals to the information security program
- Architecturally integrate IoT into a successful information security program
- Guide corporate responses to local, national, and global regulatory initiatives
When it comes to IoT projects, the absence of well-defined security standards and regulations can end up turning projected benefits into unforeseen problems. That makes awareness and planning essential. With the stakes this high, IT bosses should be looking to collect as much strategic know-how as possible.
Who: Bill Malik, VP Infrastructure Strategies, Trend Micro
What: Thwarting a Cyber-physical Attack in the IoT Era
Where: Infosecurity Europe, London Olympia
When: 07 Jun 2018, 10:00 – 10:25, Strategy Talks