The unchecked advancement and growing concerns over dependency on IoT devices can no longer be classified as “new.” What’s new is the sophistication of malicious tools, increased use of vulnerable devices in our daily lives, and ease of access to all things connected to the internet.
While a growing number of security updates, vulnerability monitors, and software patches are available in real-time, organisations still constantly find themselves at the risk of data breaches and susceptibility. Looking back at recent data breaches (as listed in the Online Trust Alliance’s Cyber Incident & Breach Trends Report), no company – big or small – is safe. Manufacturers, customers, vendors, and stakeholders are all exposed to the same level risk.
As data becomes an increasingly valued asset, data breaches are rising with alarming frequency and impact. Just last year, a theft of data belonging to 57 million riders and drivers was reported at Uber, while data of 14 million customers was breached through an unsecured Amazon Cloud server at Verizon. Of course, the biggest lesson learned was from the infamous
Equifax incident, where financial data of 145 million people from several countries was exposed.
Unsurprisingly, the last year was marked as the ‘worst year’ in cyber incidents by the same report. Increase in smart devices and network-attached equipment is also furthering the range of targets for actors who target devices with weak authentication and software vulnerabilities.
While organisations invest time and energy in improved software ecosystem, advanced hardware, and secure firmware, there are some practical solutions that must be implemented to secure data in the long term and always be ready to mitigate attacks.
While there’s no blueprint available for an invincible security culture, there is a lot that can be
done to achieve maximum immunity and incident readiness. To think that an organisation is too small or too big to hack is a common mistake. As pointed out by OTA’s Cyber Incident & Breach Trends Report, a whopping 93 per cent of the reported breaches were avoidable (consistent to the previous year).
Complete and regular risk assessment, proactive systems for response to potential threats, secure structures for software and hardware, security compliance to government standards and regulations, employee awareness and training programs, and cross-platform data encryption can go a long way in securing the organisation from threats.
Commitment to cloud
Apart from internal threats, many vulnerabilities are beyond the control of the organisation and depend on third-party cloud solutions or the efforts of hired help. From LinkedIn to Dropbox, from Mexican elections to WWE, every organisation or group is vulnerable to cloud-based data breaches.
However, the ethical consciousness and security culture of the cloud provider are beyond reach of their customers. That said, regular security audits, agreements that involve third-party inspection, voluntary commitments to security measures, and regular reports on the procedures employed by the vendor can help tie up a lot of loose ends.
While the cloud does offer its own sophisticated monitoring system, proactive response structure, regulated data management practices and compliance standards, responsibility and caution for the human element is a must. As Go Nimbly CEO Jason Reichl rightly said, “Many recent data breaches have been reported incorrectly. For example, the security breach at Target occurred because a vendor who had access to the company’s portal left a computer on and walked away. No one was hacking the Cloud. It was human error, and the Cloud cannot protect you from that.”
Human vigilance is a part of all multi-faceted security practices. However, the modern workplace is sprawling with diverse gadgets and devices that are almost always beyond scrutiny, and commonly a part of employees’ personal accessories (which are governed by a totally different set of rules and policies).
Smart watches, network printers, smartphones, wearables, etc. only increase the risk perimeter and scope for exploitation with the large quantum of unchecked data being exchanged from private and unsecured devices.
There are solutions developed to specifically address the needs of managing IoT devices; these solutions update, patch, monitor and manage devices which are on the network, as well as connect on and off to it. Predictive and advanced IT management is the need of the hour. Products like Cloud Management Suite offer cost-effective and reliable security automation solutions to the needs of organisations of all sizes.
Compliance is key
With increasing legislative attention being showered on data management and security, it is a basic standard for businesses to commit to security, safety, and responsibility when it comes to data transfer and monetary transactions.
The actions taken and penalties by the regulatory authorities against careless or inadequate data management by companies have also increased multifold in 2018. Organisations
must ensure that all their data storage and handling practices are in compliance and uphold the values of international regulatory policies such as the EU’s GDPR.
Protection from ransomware
Apart from breaches arising from specific network security issues or human error, there is an array of security threats posed by phishing mail attacks, drive-by malware, malvertising, and other intentional ransom-related criminal attacks.
It is mandatory to maintain offline backups of data if you want to be prepared in the event of such an attack. Training employees against such attacks, regular monitoring, checks against suspicious emails, browser-installed scanners for malware, and implementation of DDoS protection services can limit the extent of risk. It’s the IT department’s responsibility to be aware of rights, regulatory actions, and legal procedures in such events.
Take the security breach that took place at a casino, where hackers accessed its high-roller database via a thermometer in a lobby aquarium. "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," explains Nicole Eagan, CEO of Darktrace.
Over to you
Data management and protection should be a shared moral code for employees, vendors, executive management, and owners of all brands and firms. There is no isolated victim of a data breach. Joint commitment of companies and governments in synergy towards incident readiness and ethical practices can navigate the IoT ecosystem towards a safer and more reliable environment.
Dipti Parmar, business and marketing consultant
Image source: Shutterstock/everything possible