IoT poses complex security questions for business

Bad data and botnets are an emerging threat, say RSA speakers

Businesses must consider the Internet of Things (IoT) and other connected devices more seriously as a security threat vector, according to cybersecurity experts.

In his opening keynote at RSA Conference 2017 in San Francisco, Zulfikar Ramzan, CTO of RSA, pointed to the many ways that connected devices have been turned to the dark side, both in lab conditions and in real life.

"Two researchers remotely disabled an SUV while it was in motion. What happens when there are millions of autonomous vehicles on the road that can be disabled at once, or accelerated at once toward a common target?" asked Ramzan.

Turning to the Mirai botnet, although without mentioning it by name, he added: "Are the people working on new technologies considering how their designs could be exploited? Did the makers of Wi-Fi baby cams imagine that one day they'd be accessories to the world's largest distributed denial of service attack?"

Ramzan wasn't the only one to speak up on the subject of IoT vulnerabilities during the morning talks. Also addressing the audience from the main stage, Chris Young, SVP and GM of Intel Security, said that despite potential vulnerabilities, we know that self-driving cars will be hitting our streets in the near future. But there is another element involved: potential tampering with traffic systems.

"What about the data models themselves ... that we will increasingly be reliant on to ensure the safe transport of millions of people and items every day? So we're no longer worried about going after the car but actually going after the traffic systems themselves through the insertion of false data," said Young.

"I don't see Big Data as a problem. Big Data's certainly going to usher in many possibilities for society. But when the Big Data itself gets manipulated by the insertion of bad data, is when that small insertion can become a huge story for all of us."

Young also pointed to the increase in consumer IoT as being a potential risk factor for businesses. "Over the past year, we've had pointers to a new attack surface ... one that we've got to pay more attention to as we look forward," he said, "and that attack target is the home."

According to Young, there are several reasons the business security industry needs to care more about information security in the home.

"First, it's increasingly where all of our employees do their work. So if you want to worry about where your next vulnerability or governmental vulnerability might lie, it's likely to be in the home of the people who work for you."

"The other reason is that those homes now have more powerful, more connected devices that are increasingly being used to launch larger and more sophisticated attacks against us," Young said. "The question I'd ask all of us in cyber security here at RSA [Conference] is how many of us actually take the home into account when we design our cybersecurity architectures, when we provision our cybersecurity tools."

Young pointed to the Mirai botnet, which last year caused chaos when it was used to launch a DDoS attack against DNS provider Dyn. Mirai is powered largely by unsecured IoT devices, like home routers and security cameras.

"We could certainly in this business ... dismiss it as yet another large-scale denial of service attack. There's many of them ... it's nothing new for any of us. But I'd argue that this is just a test," Young said.

"The attackers are just trying to see what they can do next, what's possible, what are the limits of their capability using this new set of attack tools. And we can't think of the Mirai botnet in [the] past tense, it's alive and well today and recruiting new players. And it's no coincidence that 'mirai' actually means 'future' in Japanese, because it points us to where we're headed with new types of attacks."

Features editor Jane McCallion is on the ground at RSA Conference 2017 in San Francisco all week.

Image credit: Jane McCallion
