Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

IoT

42% rise in companies reporting cyber attacks by foreign governments

960 640 Stuart O'Brien

In 2018, 19% of organisations believed they were attacked by a nation-state – That figure increased to 27% in 2019, with companies in North America the most likely to report nation-state attribution, at 36%.

That’s according to Radware’s 2019-2020 Global Application & Network Security Report, which found that more than one in four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. 

“Nation-state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero-day exploits, and the patience to plan and execute operations,” said Anna Convery-Pelletier, Chief Marketing Officer at Radware. “These attacks can result in the loss of sensitive trade, technological, or other data, and security teams may be at a distinct disadvantage.”

Radware says the findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, serverless architectures, and a mix of multiple cloud environments. Two in five managers reported using a hybrid environment that included cloud and on-premises data centers, and two in five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.

As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic. For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks, and 46% are not sure if they suffered an encrypted DDoS attack. 

Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet.  Companies are increasingly adding and relying upon new paradigms, like microservices, public and hybrid clouds, and IoT, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams.  Security is often an afterthought as businesses march forward, and there is a misconception that ‘good enough’ is enough.”

In addition, the report also found:

The emergence of 5G networks. As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared.  

Be careful what you wish for in terms of IoT. 5G promises to advance organisations’ implementation of and the value they derive from IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%.

Data loss is top concern. About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, down from 35% the previous year, followed by service outages at 23%.  Meanwhile, 33% said that financial gain is a leading motivation for attacks.

To read Radware’s ERT report, visit https://www.radware.com/ert-report-2020/

Top 10 IT security predictions for 2018

960 640 Stuart O'Brien

Ian Kilpatrick, executive vice president for cyber security company, Nuvias Group, offers his top 10 IT security predictions for the year ahead…

1. Security blossoms in the boardroom

Sadly, security breaches will continue to be a regular occurrence in 2018 and organisations will struggle to deal with them. New security challenges will abound and these will grab attention in the boardroom. Senior management is increasingly focusing on security issues and recognising them as a core business risk, rather than the responsibility of the IT department alone. The coming year will see further commitment from the boardroom to ensure that organisations are protected.

2. Ransomware has not gone away

Too much money is being made from ransomware for it to disappear – it won’t. According to Cyber Security Ventures, global ransomware damage costs for 2017 will exceed US$ 5 billion, with the average amount paid in ransom among office workers around US$ 1400. Companies can help prevent ransomware by tracking everything coming in and out of the network and running AV solutions with anti- ransomware protection. And, of course, you should do regular backups to a structured plan, based around your own business requirements – and make sure you test the plans.

3. IoT – A security time-bomb

IoT is a rapidly growing phenomenon which will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and 2018 will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches. As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.

4. More from the Shadow Brokers

The Shadow Brokers, a hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc in 2017 with the Wannacry ransomware episode. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10.

There will certainly be further episodes from them in 2018, so patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organisations hold, including PII (Personally Identifiable Information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.

5. GDPR – Have most businesses missed the point?

The arrival of GDPR in May 2018 will, of course, be a big story. However, many organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important in 2018 and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.

6. GDPR Blackmail – The new ransomware?

Unfortunately, GDPR will give a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organisation harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!

7. DDoS on the rise

It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you! https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/. This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack!

8. Cloud insecurity – It’s up to you

Problems with cloud insecurity will continue to grow in 2018 as users put more and more data on the cloud, without, in many cases, properly working out how to secure it. It is not the cloud providers’ responsibility to secure the information – it is down to the user. With the introduction of GDPR in 2018, it will be even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.

9. The insider threat

Historically, insider threats have been underestimated, yet they were still a primary cause of security incidents in 2017. The causes may be malicious actions by staff or simply poor staff cyber-hygiene – i.e. staff not using the appropriate behaviour required to ensure online “health.” In 2018, there will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behaviour. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.

10. Time to ditch those simple passwords

In 2018, simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.

IoT projects held back by security concerns

960 640 Stuart O'Brien

The majority (94%) of IT professionals from organisations that are undertaking Internet of Things (IoT) initiatives say they need to invest in it over the next 12 months in order to stay competitive – but they are facing significant barriers to adoption.

These obstacles include security concerns, the cost of implementation and commitment from the company’s leadership.

The findings are part of a major new report released by the Wi-SUN Alliance, a global association driving the proliferation of interoperable wireless solutions for use in smart cities, smart grids and Industrial IoT applications.

The research, which looks at attitudes to IoT, including the drivers, barriers, challenges and benefits, surveyed 350 IT decision makers in the UK, US, Sweden and Denmark. While all respondents come from organisations that are investing in at least one IoT initiative, just over half (51%) report that they have a fully implemented IoT strategy in place, while more than a third (36%) have one being rolled out. While enabling IoT is the second most important IT priority for the next 12 months, only just behind improving security, almost all respondents (90%) have struggled to implement a plan, with over a third (36%) saying they find it “very or extremely difficult”.

Security tops the list of major concerns, holding back nearly six in ten (59%), while cost of implementation is also a barrier, delaying around half (46%). More worrying is that, while 42% say that creating efficiencies for the business is an important driver to implementing IoT initiatives and 37% say the same for reducing operational costs, getting access to funding for projects is a problem, with a third (32%) admitting this is a barrier. The same amount struggle because of reluctance by senior executives in the organisation to commit to IoT projects.

As well as barriers, the research also highlights technical challenges that organisations are facing when delivering on IoT initiatives and processes. Security and safety tops the list at 63%, while data management (46%), network configuration (41%) and recruiting the right IoT skills and resources (39%) are also seen as technical challenges.

For implementation of smart city and smart utility solutions, proven security with multi-layer protection and continuous monitoring is considered ‘absolutely crucial’ for around half of respondents, while industry-wide open standards are also crucial (45% and 43% respectively).

The benefits of IoT are also widely recognised, with the majority of respondents citing better business efficiency (54%), improved customer experience (49%) or better collaboration (48%). Nearly half (45%) have seen lower costs and 41% higher customer satisfaction.

According to the Wi-SUN research, when organisations are evaluating which IoT technology to move forward with, 58% look for network topology and coverage, while communications performance (53%), industry standards support (52%), and power efficiency (50%) are also sought after. Around half look for reliability (47%) or scalability (44%).

“When it comes to the design, development and implementation of IoT projects, especially around smart cities and smart utilities, there are a number of issues that organisations are having to contend with and security is proving to be a particularly significant barrier,” according to Phil Beecher, President and CEO, Wi-SUN Alliance.

“The research highlights that more education is needed: there are many network options, but not all provide the features necessary for large-scale outdoor networks, as required by smart cities or utilities. For instance, unlike tower-based networks, such as LoRa, SigFox, Ingenu and NB-IOT, Wi-SUN Field Area Network (FAN) specifies a wireless mesh network, which not only supports higher data rates and bi-directional data transmission, but can also provide complete coverage with greater resilience and reliability. Wi-SUN FAN networks are also highly secure as only “vetted” devices can join the network, preventing compromised devices from causing disruption of essential services that may include public safety. It is essential that organisations understand the level of security and the associated risks provided by different network solutions, and choose the very highest security levels available for their IoT networks.”