- IoT devices complicate the security landscape further
- Integrated solutions required to combat growing threat
IN THE past five years, the Internet of Things (IoT) has passed the stage of hype and is now a reality that we all live in. Enterprises caught up in the wave of digital transformation have continuously turned to IoT as a means to drive greater savings and efficiency.
However, as Symantec chief technology officer for Asia Pacific and Japan Nick Savvides pointed out, companies often fail to understand the threat they face when deploying IoT technologies. What they end up doing is increasing the attack surface or number of exploitable vulnerabilities in a system or network.
Giving an example, he said that a typical enterprise may have 60,000 devices connected to the network but only 42,000 may be visible or known to them. It is startling to know that the remaining 18,000 devices are unknown.
These devices could be anything from security cameras and building management systems to smart lighting controllers. All have been installed without considering the security aspect.
“The problem with controlling such a vast network of devices is that the tools and skill set that IT departments possess do not fit the task.
While they have control over typical devices like your laptop computers or tablets that enter the network, no one thinks to involve them if a new smart lighting system that connects all the lights to the WiFi network needs to be secured.
Savvides proposes that IT teams need to gain visibility on all devices that connect with the corporate network and services. Take no chances and “harden” devices on the edge. Strip them and allow them rights to talk only to certain other devices.
Enter the integrated cyber-defence platform
Given the enormous task of managing an ever-changing network environment with many connected devices, it may be too much for an IT department to handle.
This then drives the need for an all-encompassing security solution to protect information across all points, networks and applications. This comes in the form of Symantec’s Integrated Cyber Defence Platform.
“Security architecture today needs to prevent attacks, detect them quickly and allow for fast response,” said Symantec senior vice president of Asia Pacific & Japan Sanjay Rohatgi.
The problem is that one organisation may have 15 solutions from different vendors and all of them operate in silos, hence further complicating things.
“Cyber-defence is very much compliance-driven. It is a tick in a box rather than a holistic approach. In Asia Pacific, the amount of security spend is only 2%- 3% of the total IT budget, a pitiful amount compared to the 10% spent by companies in the United States and Europe,” he said.
The monetary loss in data breaches is quite huge, ranging in the millions of dollars, he cautioned. “Once a customer’s confidence is lost, it can’t be regained easily. So, consider investing in preventive measures to ensure that doesn’t happen,” he said.
According to Sanjay, Symantec is taking the approach of integrating all its products and linking it with their intelligence network. A combination of machine learning and Artificial Intelligence is used to monitor applications, determine their behaviour and inform IT security of abnormalities.
It has also built an open platform so that not only Symantec’s solutions can talk to each other, but also include third parties.
“We understand the value of partnership hence we are building an open architecture where we are able to integrate with other players. We invite the industry to join us because we recognise that this is not something that we can do on our own,” he added.
Cyber-security threats to cost Malaysian organisations US$12.2bil in economic losses
Fortinet in threat information sharing agreement with Interpol
The challenge of scaling up security for a whole country
For more technology news and the latest updates, follow us on Facebook, Twitter or LinkedIn