The Emerging IoT Threat to Information Security

CIOs are facing a huge impact from the 'Internet of Things' (IoT) on their digital and information security.

With enterprises beginning to realise the importance of handling Big Data and incorporating Smart Analytics in their ITC systems, IoT is now forecast to add vast mountains of extra data to the already incredible avalanche with which business now has to cope.

So, the key question is: how well is an organisation (yours) prepared for this IoT impact? What is your strategy for developing 'Next Generation Security'?

In December 2014, IDC came out with some frightening IoT predictions from their 'FutureScape: Worldwide Internet of Things 2015 Predictions' web conference. Among these they concluded that "within two years, 90% of IT networks will have an IoT-based security breach and Chief Information Security Officers (CISOs) will be forced to adopt new IoT policies".

Complex IoT challenges

Gartner said that "the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.”

Perhaps even more startling, IDC predicts that "within three years, 50% of IT networks will transition from having excess capacity to handle the additional IoT devices to being network-constrained with nearly 10% of sites being overwhelmed".

Gartner predicts that "by 2020, the installed base of 'things' – excluding PCs, tablets and smartphones - will grow to 26 billion units".

Historic Anthem hack attack

In February this year, cyber-criminals, thought to be based in China, obtained the unencrypted information – including names, addresses, social security numbers – of some 80 million customers of US health insurer Anthem.

Ed Simcox, Logicalis's Healthcare Practice Leader, gave this advice relating to the Anthem attack, thought to be one of the biggest in history to date:

"Given heightened attacks such as this one, it’s an important reminder that CIOs must maintain the necessary security posture," Simcox said. "They need to do so even in the face of declining IT budgets and important, competing priorities by evaluating security against these other priorities.

"CIOs need to be comfortable communicating the business value of security initiatives to boards of directors and senior leadership. Only then can they acquire the proper funding levels and organisational support necessary to properly care for security."

A range of Australian attitudes

Logicalis Australia Solutions Architect, Dr Greg Daley said that, in parts of Australia there is still a focus on controlling the 'pipes' data is accessed through.

"But I think that is becoming table stakes now: threats arrive through diverse sources, including paths independent of the corporate Internet service," he said. "I think the focus in IT security will start shifting to control and management of breaches as organisations aim to trace and mitigate business impacts from attack."

Dr Daley said that digital security threats are almost always worse from internal sources. Productivity relies on staff members having ready and flexible access to data. Internal security controls need to be robust to prevent such incidents, also because user level privileges are a significant vector for exterior attackers.

Changing security effectiveness

He highlighted recent trends towards encryption and said they have altered the effectiveness of perimeter security measures, such as web proxies.

"This means that threat mitigation needs to move to the end-systems, which embeds security in the end applications," he said.

Dr Daley said that as a business-focused technology infrastructure vendor, Logicalis has always placed security as a key enabler for its customers.  Their philosophy is that security is a function that has to be "baked into infrastructure and services", and has to be considered from the business requirements and design stages through to implementation and operation.

There has been a movement in recent years towards operational technology which means organisations are leveraging computing and network technologies for productivity.

Security 'baked into the system'

"The risks that come along with this are that security breaches no longer impact the back-of-house operations: they can literally stop a road, a machine or a transaction," he said. " This means that the digital security of the environment has to be considered in the operational risk assessment, and once again this needs to be baked into the system from its inception."

Dr Daley had this valuable advice: "Organisations which seek to integrate best security practice into their organisation’s processes from inception onward will limit the scope and damage of attacks," he said. "Where they have systematic plans to defend, identify, remediate and recover from attack, they will be able to focus on core business with some certainty."

To find out more about how Logicalis can help you and your business, head to the Solutions & Services page.

Tags Digital Transformation, Security, data security, internet of things, IoT, Logicalis, networking


Align your business strategies with the business goals