Posted by Reuben Burton
Why your Security Posture needs a Reboot
Why the Internet of things?
In a globalized economy where digitization and customer experience are the priority of the day, your organization can not afford to short cut any forms of technological innovation. Not only are the advancements in technology making businesses faster and more efficient, but customers are also expecting to receive premium services not only when sitting face to face in your offices but also when interacting with any application or portals representing your brand. Add to that a budding complement of staff searching for the best work environments, looking to be associated with the cutting edge of their industry and wanting to operate on the cusp of innovation. Your internal team expect that in order for them to produce at the level that sets them apart from your competition they will be allowed regular access to the most advanced and enabling technology available. The utopian marketplace that we all aspire to design, create and inhabit is rapidly becoming more and more of a reality thanks to this newest wave of development of the internet known as the Internet of Things (IoT).
The internet of things is fast becoming the future of business operations, it is, in essence, the capability of inanimate objects to communicate via the internet without the need for human input. In other words, what this means is that devices now have the ability to share and collaborate on their experiences and trigger actions both in the digital and the physical world. All of this combined with the advancements of data science and artificial intelligence (IoT) is fast becoming its own equally competent workforce. Capable of not only producing analytic and predictive insights into an organization’s internal productivity and external customer behaviours but also a workforce capable of producing valuable work output 365 days of the year.
How (IoT) can be exploited
While the internet of things may work to enable you to meet increasing customer demands as well as enable employees to work more efficiently it also opens your security infrastructure to new forms of attacks. What once was a few persons opening emails or a single gateway per application, is now ever connected cloud. With at least three (3) or more devices per employee, all with multiple channels to expose your organization to attacks. While devices continue to evolve with the advances of technology, you will begin to notice that what you have in place to maintain your security posture is not keeping up with the movement of (IoT). So as (IoT) increases year over year and the advancements in technology become more and more ingrained in the operations of our day to day lives your firewall/security infrastructure becomes more and more obsolete as a result of the changes in how (IoT) devices are being exploited by attackers.
Hewlett Packard 2017 online series The Wolf.
A smart printer without the appropriate security features connected to the cloud can give malicious actors access to your internal network and client database through a back-door access. This breach could enable actors to clone access rights to all levels of the infrastructure, which, in most cases may make it difficult to identify in real time the source of the breach as well as identify how much data is being leaked from a database. The reputational damage caused could be catastrophic. In addition to this using these backdoors, actors may be able to shut down an entire core server through a payload with the intent of causing a Distributed denial of service (DDoS) attack. Through this (DDoS) attack threat actors attempt to limit if not completely disable staffs ability to engage in daily task directly affecting your productivity. The potential revenue loss for any high transaction institution caused by a temporary crippling of a system can easily climb into the millions in the short term and even more in the long term.
What you should be doing
Regular vulnerability scans - don’t wait to be reactive be proactive in your security posture, automation is key to ensuring visibility into your multiple vulnerabilities are maintained. Review audit logs of all systems through a central management system that collects information from all network devices so as to enable reviews of all potentially unauthorized attempts to gain access to your systems and evaluate as needed.
Continuous upgrade of endpoint security infrastructure – this is to ensure that it matches the most current known exploits. This is ideally done through a centrally managed antivirus solution which is always up-to-date with the latest signatures. Always build redundancies into your systems whether through recovery sites or locations in the cloud or locally so as to enable you to quickly react if systems were to go offline or become encrypted by an external attack.
And finally, the biggest weakness in any security posture is the human element, continuous training of staff is without a doubt mandatory. Untrained staff can quickly breakdown the best of security postures intentionally or unintentionally. The internet of things in the workplace is here to stay and more and more your security posture will need to account for the growing number of devices that engage with your systems including the growing culture of “bring your own device” (BYOD). It is not always financially feasible for an organization to provide all the devices needed for a staff complement to effectively do their jobs or in the case of customers needing to interact with an application or portal. The user is at all times the biggest variation and as such needs to be a top priority in the security of the internet of things.
Topics: Information Security
Reuben Burton is an infrastructure and IS Consultant at Symptai Consulting. He has over three (3) years of Infrastructure and Information Technology services within private and public sector throughout the Caribbean. He is a Cisco Certified Networking Associate (CCNA), has successfully completed the Cisco Certified Network Professional Switch course and holds a BSc. in Information Technology and Networking. Reuben has also completed certifications in Data Center Switching and Infrastructure and successfully acquired Network Security Expert Certificate level 1 from Fortinet.