Mirel Sehic, Global Director of Cybersecurity for Honeywell Building Solutions, suggests that cybersecurity for Operational Technology (OT) will become a key safety and security metric for many, because the interconnectivity of systems potentially opens up new routes of access for cyber-attack.
Sehic says: “Historically, we’ve often seen a serious lack of awareness and preparation around OT cybersecurity issues, but that’s starting to change. More attention and more budget is oftentimes being dedicated to furthering basic cyber hygiene upkeep and OT cybersecurity incident readiness – and we expect that to continue in 2020. But it’s typically not enough.
“Cybersecurity assessments must be carried out across a building’s OT infrastructure to identify gaps. Honeywell recently helped one of the world’s largest financial services institutions better safeguard its assets, which included multiple buildings and thousands of employees. The team performed vulnerability testing, deploying advanced strategies for cybersecurity and creating a methodology for data management to help prevent leakage of valuable digital information.”
This year, we’ve seen overwhelming threats and traditionally large-scale DDoS attacks decrease. While this would normally be cause for celebration, such attacks have been overshadowed by the rise of smaller, more carefully targeted incursions, says Anthony Chadd, Global SVP, Neustar.
“In 2020, we’ll see this upward trend continue, with intensity and duration replacing brute force and size as key concerns for cybersecurity professionals. Such attacks do not seek to saturate the network link, but instead to degrade or disable specific infrastructures within the target.
“In a bid to understand, identify and diminish these small-scale threats, organisations must reassess the detect and protect measures they already have in place, ensuring that an ‘always on’ DDoS mitigation strategy is deployed. When asked how likely they would be to notice today’s most prevalent smaller attacks, just 28 percent of security leaders answered very likely, with the remaining 72 percent lacking the same confidence.
“With smaller attacks frequently flying under the radar, cybersecurity professionals need to change their approach to security next year, constantly monitoring traffic to ensure threats of all sizes are spotted, managed and fought against. Organisations also need to establish a greater level of understanding as to what exactly they have at risk and therefore where they need to deploy the most protection.
“We know DDoS attacks are getting smaller, but we also know size does not always go hand-in-hand with impact – it’s now the attacks we fail to see that have the potential to cause the most damage.
“Despite 2019 seeing huge growth in the IoT market, with Fitbit and Alexa sales booming, security protocols for these connected devices have yet to become as mainstream. In fact, fewer than half (47pc) of security professionals recently admitted to having a plan in place to deal with attacks on their IoT equipment, even though nine in ten are concerned about future threats.
“In most cases, IoT equipment is still being manufactured with only basic security in mind. While this may not have been such an issue a few years ago, malicious actors are now all too aware of the various entry points they can tap into to infiltrate wider networks. In the last year alone, 48 percent of organisations experienced a cyberattack against their IoT or connected devices. It is crucial, therefore, that businesses understand and identify exactly what is at stake when it comes to the IoT, and build a cohesive security strategy around this.
“Next year, as IoT capabilities continue to expand and use-cases span further into our homes and offices, professionals will place a greater focus on deploying more than ‘out-of-the-box’ security for these devices. In fact, recently, 38 per cent of CTOs, CIOs and security execs claimed they are in the process of developing a plan for their IoT security, pointing at a fundamental need to ensure the appropriate controls are in place.”
Joseph Feiman, chief strategy officer at application security product developer WhiteHat Security, sees society moving toward greater openness and broad sharing of information, including data that just a few years/decades ago was considered most sensitive.
He says: “Sharing takes place via a wide variety of professional and social networks and public media. Governments are under social pressure to open more information as well. This combination of the: 1) growing volume of information, 2) complexity and ineffectiveness of protection technologies, and 3) growing openness, will lead to the realisation that: A) it is impossible to protect it all, B) there is no need to protect it all. Governments, organisations and individuals should realise that protection of all information is unrealistic, and the battle for it has been lost (actually, the victory has never been possible). They should explore their ability to protect somewhere around 25pc of the information they own/handle. For that, they have to select the subset of the most valuable information that is worth protection and that is feasible to protect. They should be gradually, over the years, placing the remaining 75pc of the information in the fully/partially open access realm.”