The hacking of the European Central Bank earlier this year was all too familiar news for those of us accustomed to SQL injection attacks. Yet, while SQL Injection and Distributed Denial of Service attacks (DDoS) have become cybercrime commonplace, the advent of the Internet of Things (IoT), has changed the game: Your average firewall simply won't suffice – unless, perhaps, that firewall speaks HyperCat and is 3D.
IoT has not only changed the game for IT, it has also created a radical shift in the global technology market. At this year's CeBIT conference in Germany, for instance, Prime Minister David Cameron announced a £45 million injection into the IoT economy for firms producing connected devices and device components. In further support of the prevalence and weight behind IoT, the UK government launched Digital Britain 2015, a review programme that will assess how to better IoT-enable public services.
As demand grows for digital content anytime, across multiple platforms, more companies are moving towards IoT for cost effective, efficient and smarter services. It is widely estimated that the number of connected buildings, vehicles and appliances will climb to 50 billion units by 2020 – ensuring a virtual explosion of data. Each connected device brings with it its own interfaces and, thus, IP addresses, which in turn poses its own unique security risks, enabling hackers to penetrate people's most private data. The FOSCAM wireless baby monitor hacking scandal last year was one terrifying – albeit apt – example of this new IoT security climate.
While securing networks has never been an easy job, it has become increasingly predictable over the years. As outlined in Verizon's 2014 Data Breach Investigation Report, over 92 percent of the cybercrimes committed over the past 10 years can be explained by just nine patterns. Though this framework has been helpful in the past – the future of interconnected devices demands a new security environment wherein we may all yearn for the days of yore.
With companies and consumers sharing information across numerous devices, there is an immediate and crucial need for security measures to protect corporate and personal data. While HyperCat is the interoperability layer that marks the beginning of the standardisation journey, the IoT super highway is still a considerable distance away.
IoT security protocol must take into account the increased prevalence of VPNs (virtual private networks), remote connection frameworks and remote connection authentication protocols in order to prove effective. Companies must also implement the following strategic steps to protect corporate and individual data:
Implement a Standardised Operating Environment (SOE) which helps to organise all applications and tools that are in use and maintain a technically competent workforce.
Implement a process-driven framework such as IT Infrastructure Library (ITIL), which is a global enterprise standard of how IT should be structured.
Part of ITIL is a patch and configuration management process, which ensures the SOE is healthy, functionally capable and secure. An added benefit is its ability to keep track of functional and security patches that can identify and quickly deploy patches for the system if there is a compromise.
Implement and govern a strong Information Security Management System (ISMS) policy and process that will ensure both pre-emptive measures and pro-active tasks are known, understood and quickly executable.
Enact a quick reactive process to analyse and identify risks. Following your risk protocol process, conduct an audit to ensure no other information has been compromised on the system.
Regularly update Windows, Android and iOS software across your devices.
Comply with the UK Data Protection Act and the Data Retention and Investigatory Powers (DRIP) law. In order to ensure adherence to the full complexities inherent in these laws, ensure that your technology security team works hand-in-hand with legal and regulatory experts.
Finally, while it's crucial to adopt a robust security framework, it is equally as necessary to communicate up-to-date security protocols to your key stakeholders. Companies must be vigilant and proactive when it comes to telling clients that their data is in safe hands. We are entering a new reality – wherein the Internet of Things can only be successful if it aligns with the safety, privacy and greater needs of society. The Internet of People, after all, is what we are securing.
Contributed by Steven Rosen, chief information officer, Xchanging Malaysia