IoT poses complex security questions for business

Bad data and botnets are an emerging threat, say RSA speakers

Businesses must consider the Internet of Things (IoT) and other connected devices more seriously as a security threat vector, according to cybersecurity experts.

In his opening keynote at RSA Conference 2017 in San Francisco, Zulfikar Razman, CTO of RSA, pointed to the many ways that connected devices have been turned to the dark side, both in lab conditions and real life.

Advertisement - Article continues below

"Two researchers remotely disabled an SUV while it was in motion. What happens when there are millions of autonomous vehicles on the road that can be disabled at once, or accelerated at once toward a common target?" asked Razman.

Turning to the Mirai botnet, although without mentioning it by name, he added: "Are the people working on new technologies considering how their designs could be exploited? Did the makers of Wi-Fi baby cams imagine that one day they'd be accessories to the world's largest distributed denial of service attack?"

Razman wasn't the only one to speak up on the subject of IoT vulnerabilities during the morning talks. Also addressing the audience from the main stage, Chris Young, SVP and GM of Intel Security said that despite potential vulnerabilities, we know that self-driving cars will be hitting our streets in the near future. But there is another element involved: potential tampering with traffic systems.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"What about the data models themselves ... that we will increasingly reliant on to ensure the safe transport of millions of people and items every day? So we're no longer worried about going after the car but actually going after the traffic systems themselves through the insertion of false data," said Young.

"I don't see Big Data as a problem Big Data's certainly going to usher in many possibilities for society. But when the Big Data itself gets manipulated by the insertion of bad data, is when that small insertion can become a huge story for all of us."

Young also pointed to the increase in consumer IoT as being a potential risk factor for businesses."Over the past year, we've had pointers to a new attack surface ... one that we've got to pay more attention to as we look forward," he said, "and that attack target is the home."

Advertisement - Article continues below

According to Young, there are several reasons the business security industry needs to care more about information security in the home.

"First, it's increasingly where all of our employees do their work. So if you want to worry about where your next vulnerability or governmental vulnerability might lie, it's likely to be in the home of the people who work for you."

"The other reason is that those homes now have more powerful, more connected devices that are increasingly being used to launch larger and more sophisticated attacks against us," Young said. "The question I'd ask all of us in cyber security here at RSA [Conference] is how many of us actually take the home into account when we design our cybersecurity architectures, when we provision our cybersecurity tools."

Young pointed to the Mirai botnet, which last year caused chaos when it was used to launch a DDoS attack against the Dyn DNS. Mirai is powered largely by unsecured IoT devices, like home routers and security cameras.

Advertisement - Article continues below

"We could certainly in this business ... dismiss it as yet another large-scale denial of service attack. There's many of them ... it's nothing new for any of us. But I'd argue that this is just a test," Young said.

"The attackers are just trying to see what they can do next what's possible, what are the limits of their capability using this new set of attack tools. And we can't think of the Mirai botnet in [the] past tense, it's alive and well today and recruiting new players. And it's no coincidence that 'mirai' actually means 'future' in Japanese, because it points us to where we're headed with new types of attacks."

Features editor Jane McCallion is on the ground at RSA Conference 2017 in San Francisco all week. Follow her on Twitter for live updates and bookmark our dedicated page for more coverage from the business security conference.

Image credit: Jane McCallion

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/security/phishing/355120/hackers-pose-as-three-to-exploit-high-data-demand
phishing

Hackers target Three customers with "sophisticated" phishing scam

26 Mar 2020