In this year’s study by Ponemon Institute, the average cost of a data breach per compromised record was $148 (with an average total cost of $3.86 million), and organizations took 196 days, on average, to detect a breach. The companies that acted swiftly were able to reduce the damage by up to $14. Of course, this is only the cost to the company of resolving issues and does not include reputational damage or loss of business resulting from a breach. This clearly emphasizes the need to act fast in case of a breach to minimize the losses. A proactive approach to data security could thus be an effective weapon against the tsunami of cyber-attacks that currently plague digital ecosystems. Gartner estimates that by 2020, a quarter of all attacks levied against corporate players will involve IoT. The paradox is that the very force that drives IoT and the connected system is also a threat to it.
With data becoming the new oil, cyber attackers are exploiting every possible gap in human or technological defenses. The IoT threat has now become so common that on Aug 2, 2018, the FBI issued a warning focused on IoT device security. Basic precautions like changing default usernames and passwords, ensuring patches and updates are applied when issued, and rebooting devices are still some of the most common security approaches, and users should not skip them.
Technology to the Rescue
Technology is both a cause of and a cure for security threats. While cyber-attackers take advantage of advances in technology for their own gain, IT teams can leverage the same technology to mitigate cyber-attacks.
• Encryption: Encrypting data at the source gives more control over it by ensuring that, even in case of data theft, it can’t be misused or monetized. It also provides better data handling when moving data across systems and enterprises.
• Machine Learning (ML) and Artificial Intelligence (AI): By continuously feeding data and analyzing it with the help of deep learning techniques, any anomaly in the system can be scrutinized and potential hacks can be detected and prevented quickly. User behavior analytics is especially helpful in cases where data has been compromised or an attacker is posing as a legitimate user with that user's credentials. In a hyper-connected environment, AI can act as a boon by constantly inspecting the interconnected systems and containing threats in good time. Also, considering that many breaches stem from within an organization (both intentional and unintentional), behavioral analytics can help to detect internal risks.
• Diversity Approach: With AI and ML running on multiple algorithms and entities, decentralizing the security control of autonomous devices could help improve IoT security. This means that even if the cyber-attacker is somehow able to breach a certain algorithm and have it tagged as clean, the system could still figure out the inconsistency from the other algorithm feeds to protect itself. Diversity promises strength and impact that different algorithms can benefit from abundantly.
• Blockchain: The fundamental approach to solving security issues in IoT with Blockchain is the same as in the diverse algorithm approach. By decentralizing the security decision from a single point to a consensus-based approach, data security is enhanced because group consensus is needed before any action. Blockchain can also help to keep an immutable record of events, which can aid the process of tracing the route of a breach or attack.
• Over The Air (OTA) Updates: As IoT is made up of interconnected devices, it is also one of the weakest links that can lead to catastrophic results. In Jan 2018, security researchers got to know of a vulnerability in nearly every chip manufactured in the last 20 years. It was termed Spectre and Meltdown and has the potential to give cybercriminals access to data previously considered safe. Even though it is a hardware security issue, companies were able to find a way to protect themselves with additional security patches that could be delivered over-the-air. Leveraging OTA solutions can significantly reduce the time to update and re-secure the network, especially when a significant number of remote or mobile devices are connected.
• Trust but Verify: Today’s enterprise networks are typically connected to many third-party networks from suppliers, partners and service providers. While it is normal to conduct a security audit when the networks are first connected to establish an end-to-end chain of trust, it is vital that regular audits take place and end-to-end penetration testing is conducted. Trusting partners and suppliers is an important part of doing business, but regular verification is required.
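The consensus idea shared by the Diversity Approach and Blockchain bullets above, and the tamper-evident event record the Blockchain bullet mentions, can be sketched as follows. This is an added example, not code from the original article; the detector names, device IDs, quorum of 2 and the single-node hash chain (a simplification of a distributed ledger) are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first entry

def consensus(votes, quorum):
    """votes maps detector name -> True when that detector flags the event."""
    malicious = sum(votes.values()) >= quorum
    # Detectors that disagree with the group are themselves worth inspecting.
    dissent = sorted(name for name, flag in votes.items() if flag != malicious)
    return malicious, dissent

def entry_hash(prev_hash, record):
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(chain, record):
    # Each entry commits to the hash of the entry before it.
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev_hash,
                  "hash": entry_hash(prev_hash, record)})

def first_tampered(chain):
    """Return the index of the first entry that fails verification, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_hash(prev_hash, entry["record"])
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    return None

def demo():
    # Constructed sample: per-device verdicts from three independent detectors.
    events = [
        ("dev-17", {"signature": False, "traffic_ml": False, "behaviour_ml": False}),
        # "signature" has been subverted to report clean; the other two still flag.
        ("dev-42", {"signature": False, "traffic_ml": True, "behaviour_ml": True}),
        ("dev-58", {"signature": False, "traffic_ml": False, "behaviour_ml": False}),
    ]
    chain = []
    for device, votes in events:
        malicious, dissent = consensus(votes, quorum=2)
        append(chain, {"device": device, "malicious": malicious, "dissent": dissent})
    before = first_tampered(chain)
    chain[1]["record"]["malicious"] = False  # simulated after-the-fact edit
    return chain[1]["record"]["dissent"], before, first_tampered(chain)

if __name__ == "__main__":
    print(demo())
```

A chain held on one node only exposes edits that leave later hashes untouched; the independently held copies described in the Blockchain bullet are what prevent a full rewrite.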
Beyond Data Breach: The Cost of Illicit Resource Consumption
Hackers are not only focused on exploiting the data they can lay their hands on. Of late, they have found a new way to siphon off organizations' critical resources: cryptojacking. By installing malware on victims’ systems, they surreptitiously use resources like processing power to mine cryptocurrency. As the threat is not overt, most cryptojacking goes unnoticed for extended periods. With the additional load on these resources, an organization's servers and machines often wear out sooner and perform slower, adding significant costs to the organization.
Collaborating for a Safer Tomorrow
To benefit from the value that IoT has to offer, i.e., better health, smarter cities, connected cars, secure smart environments and much more, security cannot be an afterthought that you can plug into a device. Efforts of industry associations like the CTIA, which has come up with a security certification program for the IoT space, are a great start to providing a safer IoT future. A strategy where IoT devices are built from the ground up with security as a priority will go a long way in ensuring consumer trust and better adoption of IoT devices.
Stricter, international-level law enforcement against cyber-crime would also ensure better IoT security. Above all, consumers could be the most influential force in driving change in the industry if they reject any IoT offerings that are not designed with security as a priority. When consumers are aware, they ensure a balance in what they receive in exchange for their data. The recent introduction of GDPR in Europe has raised consumer awareness of cyber security and data protection and is a step in the right direction, where organizations will be more responsible with personal data and proactively work towards detecting and containing breaches.
To help enterprises establish a trusted IoT ecosystem, we at HARMAN build solutions that protect their IoT investments by safeguarding interactions between connected systems, platforms and people. To know more about our services or to schedule a meeting, please feel free to write us an email or connect with us on LinkedIn/Twitter.