IoT poses complex security questions for business

Bad data and botnets are an emerging threat, say RSA speakers

Businesses must consider the Internet of Things (IoT) and other connected devices more seriously as a security threat vector, according to cybersecurity experts.

In his opening keynote at RSA Conference 2017 in San Francisco, Zulfikar Ramzan, CTO of RSA, pointed to the many ways that connected devices have been turned to the dark side, both in lab conditions and real life.

"Two researchers remotely disabled an SUV while it was in motion. What happens when there are millions of autonomous vehicles on the road that can be disabled at once, or accelerated at once toward a common target?" asked Ramzan.

Turning to the Mirai botnet, although without mentioning it by name, he added: "Are the people working on new technologies considering how their designs could be exploited? Did the makers of Wi-Fi baby cams imagine that one day they'd be accessories to the world's largest distributed denial of service attack?"

Ramzan wasn't the only one to speak up on the subject of IoT vulnerabilities during the morning talks. Also addressing the audience from the main stage, Chris Young, SVP and GM of Intel Security, said that despite potential vulnerabilities, we know that self-driving cars will be hitting our streets in the near future. But there is another element involved: potential tampering with traffic systems.

"What about the data models themselves ... that we will be increasingly reliant on to ensure the safe transport of millions of people and items every day? So we're no longer worried about going after the car but actually going after the traffic systems themselves through the insertion of false data," said Young.

"I don't see Big Data as a problem. Big Data's certainly going to usher in many possibilities for society. But when the Big Data itself gets manipulated by the insertion of bad data, is when that small insertion can become a huge story for all of us."

Young also pointed to the increase in consumer IoT as being a potential risk factor for businesses. "Over the past year, we've had pointers to a new attack surface ... one that we've got to pay more attention to as we look forward," he said, "and that attack target is the home."

According to Young, there are several reasons the business security industry needs to care more about information security in the home.

"First, it's increasingly where all of our employees do their work. So if you want to worry about where your next vulnerability or governmental vulnerability might lie, it's likely to be in the home of the people who work for you."

"The other reason is that those homes now have more powerful, more connected devices that are increasingly being used to launch larger and more sophisticated attacks against us," Young said. "The question I'd ask all of us in cyber security here at RSA [Conference] is how many of us actually take the home into account when we design our cybersecurity architectures, when we provision our cybersecurity tools."

Young pointed to the Mirai botnet, which last year caused chaos when it was used to launch a DDoS attack against the Dyn DNS. Mirai is powered largely by unsecured IoT devices, like home routers and security cameras.

"We could certainly in this business ... dismiss it as yet another large-scale denial of service attack. There's many of them ... it's nothing new for any of us. But I'd argue that this is just a test," Young said.

"The attackers are just trying to see what they can do next, what's possible, what are the limits of their capability using this new set of attack tools. And we can't think of the Mirai botnet in [the] past tense, it's alive and well today and recruiting new players. And it's no coincidence that 'mirai' actually means 'future' in Japanese, because it points us to where we're headed with new types of attacks."

Features editor Jane McCallion is on the ground at RSA Conference 2017 in San Francisco all week. Follow her on Twitter for live updates and bookmark our dedicated page for more coverage from the business security conference.

Image credit: Jane McCallion
