Interviews

Cyber security stone age

by Mark Rowe

Ahead of the Fifth Annual Internet of Things Day, on April 9, training provider warns that from a security perspective, the IoT is broken.

As ever more objects connect to each other and to the internet – from cars to pacemakers – it means new possibilities for data gathering, predictive analytics and IT automation. However, as well as providing opportunity for business intelligence, these objects also pose opportunity for increased cyber-attacks, warns QA.

Richard Beck, Head of Cyber Security at QA, says: “There are still many organisations that are yet to engage and understand what the Internet of Things (IoT) means for their environment. More so, the drive to higher profit margins is causing security issues to be ignored.”

The firm is urging business to account for the ‘human element’ when it comes to setting IoT policies, investing in and deploying connected technologies. The trainers call on businesses to plan for adequate education of staff to protect from an increased attack surface and increase in privacy vulnerable applications and devices.

Richard adds: “When it comes to securing the IoT, we’re operating in the equivalent of the cyber security stone age. The security and privacy implications around the growing connectivity of devices is well-documented – an ever increasing attack surface, ever more sophisticated cyber criminals and users’ acceptance that technology will permeate every aspect of their lives.

“As it stands today, from a security and privacy perspective, the IoT is broken. There is no quick fix and we’re operating with an element of risk. What’s the answer? Technology has a role to play for sure. At the very least those organisations and software development teams should consider the privacy challenges of their connected products, devices and platforms. Offering a level of encrypted service for ‘sensitive’ information flow, with authenticated access should be built in user interfaces. The battle ground for the 21st century IoT will be won and lost on the grounds of privacy and strong security controls. Regulators should at least recommend and in time mandate minimum security controls to avoid the continued exposure of our sensitive and private data as we adopt more and more connected technology services at a consumer and business level. This won’t offer 100 per cent protection today, but it might move us on from the cyber security stone age – before the perfect ‘privacy storm’ strikes.

“From the office lighting system and alarm system to wearables technology, almost every business has a connected device operating in it. However, white-hat hackers are finding and regularly reporting vulnerabilities, leaving users open to a potential privacy or data breach. It’s only a question of time before IoT devices are used to pivot into sensitive business areas avoiding legacy security controls. It is important employees have an understanding of exactly how they can protect themselves against being targeted. In some cases, it’s as simple as switching off Bluetooth.”

QA runs a cyber security training curriculum including an introductory course ‘Understanding the Internet of Things’. Visit: www.qa.com.

Related News

  • Interviews

    The next black swan

    by Mark Rowe

    How do businesses plan for the next black swan event? writes Simon Giddins, MD of Blackstone Consultancy, the London-based firm whose services…

  • Interviews

    Gate Safe survey

    by Mark Rowe

    To mark National Gate Safety Week, Gate Safe, (a charity founded to improve standards in automated gate safety) is giving findings from…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing