Securing the information fabric of IoT

Published in News

Just imagine a world where billions of interconnected devices can communicate and share information with one another. This may sound like a typical scene from a sci-fi movie but in reality, we are actually witnessing the rapid proliferation of smart sensors, cameras, software, databases and massive data centres in an intricate world-spanning information fabric known as the Internet of Things (IoT).

IoT refers to the growing number of connected intelligent systems, devices and sensors from automobiles and manufacturing systems to wearable devices, appliances, surveillance cameras, smart energy grids, home and building automation, medical systems and televisions that will generate and share massive amounts of data. IoT is defined as “intelligent interactivity between humans and things to exchange information and knowledge for new value creation”

It is one massive information system with the ultimate goal of making life better in the digital world. With more physical objects and smart devices connected in the IoT landscape, the impact and value that IoT brings to our daily lives will become more prevalent.

According to Frost & Sullivan, the IoT market is set to be one of the fastest growing segments in the Asia Pacific technology industry. The total Asia Pacific spending on IoT is forecasted to be US$79bil (RM317.2bil) by 2020. This offers real opportunities, especially in the areas of transportation, logistics, manufacturing and consumer technology, which are expected to be fast growing segments over the next three years.

Malaysia has already taken its first leap in embracing IoT. The Ministry of Science, Technology and Innovation (MOSTI) and Mimos Berhad have jointly announced the National Strategic Roadmap for the Internet of Things which aims to propel Malaysia into becoming a premier regional IoT hub. The implementation of this far-sighted initiative is set to contribute RM9.5bil to our country’s gross national income (GNI) by 2020, and forecasted to grow to RM42.5bil by 2025.

Admittedly, IoT is the next frontier in digital technology. It will inspire new working practices and business processes, spark a new wave of innovation, enable more Malaysian companies to penetrate new markets and industries and encourage greater investments in technology. The IoT opportunity in the application and service is estimated to reach RM34bil by 2025 compared to RM7.5bil in 2020.

Opening fhe floodgates to cyber threats 

Market researcher Gartner, Inc. predicts that 6.4 billion connected things will be in use worldwide this year, up 30% from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day. And every single one of those devices will be a potential point of vulnerability.

As such, securing IoT represents new challenges in terms of the type, scale and complexity of the technologies and services that are required. Not surprisingly, cyber-attackers are also turning their attention to the growing IoT space and exploiting potential security vulnerabilities at an alarming rate. IoT will open the floodgates to cyber threats as all things connected to the Internet have increased cyber-attack surfaces exponentially. The more connected one is, the more vulnerable one becomes.

According to Fortinet, the world would have 3.2 billion Internet users, 1.3 billion smartphones being shipped worldwide and three billion new devices per year through 2020. On the back of a hyper-growth in IoT technologies, consumers and organisations are putting users’ information, privacy and security at great risk. According to a report by AT&T, there was a 458% increase in vulnerability scans of IoT devices in the last two years. Of course, with such high number of exposed vulnerabilities, it can be very daunting for cyber guards to safeguard the large amount of information. 

Surface for malware attacks become wider and deeper

Securing a network is getting more challenging as malware can now easily bypass the traditional firewall. Consequently, the surface attacks become wider and deeper due to IoT. Furthermore, most connected devices are created with simple malware detection, if any. This makes it easier for cybercriminals to compromise the network.

IoT security needs to be addressed on multiple layers. The biggest risk lies within the devices themselves, as well as from the platforms that support those devices. The software used for IoT devices is vulnerable to threats as most are built on open source libraries and components. Developers need to be aware that to create a robust product, they must secure software development practices, backed by rigorous testing programs to identify and fix patches.

CyberSecurity Malaysia is pushing for more Malaysian IT product manufacturers to adopt Common Criteria certification  one of the most widely recognised security certification for IT products in the world. Common Criteria for Information Technology Security Evaluation (CC) or international standard ISO/IEC 15408 provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and repeatable manner at a level commensurate with the target environment for use.

Unknown devices create havoc in networks

The second issue on IoT security is not with the device itself, but how and more importantly where the device is used. Unknown devices that are introduced to an organisation’s network opens up new vulnerabilities. Thus, companies need to institute clear technology acquisition guidelines and enforced periodic administrative and security assessments. This will enable different IT departments within the organisation to communicate their needs and identify any IoT devices in the network to ensure security and stability of all of business resources.

Rethinking security for IoT

Most organisations are still discovering the cybersecurity repercussions of IoT. It is an enormous task to accomplish due to the sheer size, ability and variability of connected devices and appliances. Therefore, it is important that a cybersecurity team within a company is equipped with the right skills and expertise to identify connected IoT devices, ensure the traffic is smooth, secure all data and be able to distinguish the different types of communications that exist within the network.

With multiple IoT devices being interconnected in various locations and security profiles, a more dynamic and secure policy enforcement is required. It is almost impossible for people to keep up with the numerous amounts of threats and alerts. More than ever, organisations should be prepared and ensure correct practices and security controls are used accordingly to safeguard the large amount of data.

Adding security to the IoT world is simply not enough. It is critical for companies to ensure that actions are taken once danger is realised. Compromised IoT devices can be misused for DDos attacks, cyber warfare, malware attacks, advanced persistent threats without a proper secured network. Organisations in Malaysia must not only understand the importance of addressing today’s IoT security issues, but also rethink their cybersecurity strategies in order to build a safer and more secure digital world.

Source: The Star