There is a paradigmatic shift in the way digital is becoming part of our life: from digital payments, to the way we shop or even interact with each other. Today, there are millions of connected devices, smartphones, as well as Internet users. This number is increasing by the hour. According to IHS Markit, the number of connected Internet of Things (IoT) devices worldwide will jump 12 per cent on average annually, from around 27 billion in 2017 to 125 billion in 2030. Such is the extent of this digital revolution. This is bound to have far-reaching implications for organizations as far as cyber security is concerned.
“IoT security will need to be deterministic. The device must itself be impenetrable. This can be achieved by developing software protocols that are resistant to attacks. Further, there is a need to standardize protocols through which devices will connect and communicate in future. The largest risk in IoT will be attack by state actors (Stuxnet, Sony targeted by North Korea, etc.) or activist hence devices have to posses self-learning and healing capabilities,” says Kalpesh Doshi, chief information security Officer, APAC, Group IT, Capgemini Technology Service India Limited.
“IOT ecosystem consists of four segments. The sensors that collect the required data, the data carriers/network which transfer the data from sensors to a centralized platform, a centralized platform to ingest, process, analyze and report the data and, finally the client’s technology environment, which uses the platform to take business decisions. It is imperative that all the four environments are secured w.r.t access control, data security, threat detection and response. While each of these need to have security controls inbuilt (sensor to have data encryption, local storage security, identity protection, non-repudiation etc.) enabled, the network need to ensure end-to-end security and reliability,” says Amit Pradhan, CTSO, Chief Privacy Officer and SVP - Tech Security, Vodafone India Limited.
In such a scenario, it becomes vital for organizations to secure their information while providing the best user experience.
“It must be assessed if the network uses a dedicated environment or a shared / syndicated environment. The platform needs to be rigorously tested for security weakness and infiltration possibilities. Additionally, security at the customer end shall ensure secure access, prevention of malicious disruption and data integrity issues. Finally, An IOT security policy must be drafted to set the expectation of the security posture of the IOT environment,” adds Amit Pradhan.
Moreover, another report estimates that the Industrial Internet of Things (IIoT) could add $14.2 trillion to the global economy by 2030. All this makes a chief information security officer’s job that much more difficult.
“CISO can focus on risk closely to see whether countermeasures help them mitigate the risk or how different risks may cascade to create a huge security challenge for the organization,” adds Kalpesh Doshi.
Asked how such security threats can be mitigated and whether there can be a technology that can act as a panacea for all such security concerns, Satish Warrier, CISO, Stock Holding Corporation of India Ltd, says: “Increase awareness amongst all users / employees through effective training programs, since several attacks exploit the human factor; essentially ignorance & greed. It may be added, there is no single technology that can stop every threat. To do that, it is important to establish a comprehensive and cohesive security infrastructure that can cover all the attack vectors. The same should be equipped with the latest technologies / intelligence such as Sandboxing / AI & ML and also be automated to keep pace with the fast-moving attacks.”
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions