“One of the unique aspects of IoT (Internet of Things) is that it’s bringing cybersecurity into the physical realm.” Intel Security Group Senior VP Chris Young.
For those that didn’t live through the fear mongering surrounding the anticipated disasters stemming from Y2K, cyber security hasn’t been something that has made a major impact on the average person’s life.
Sure, hacks happen and credit cards are compromised, but in most cases they wouldn’t leave a lasting impact on the average John, or Jane, Doe as passwords can be changed and credit card companies employ large anti-fraud divisions that can remedy stolen funds almost as soon as they’re taken.
With the rapid development and adoption of IoT (Internet of Things) devices, along with our constantly expanding cyber fingerprints, what does the future have in store when it comes to cyber security?
The Ashley Madison Hack: A Rude Awakening
Going back to John and Jane Doe, it was most likely the Ashley Madison hack that thrust the threats posed by cyber security into focus for the average citizen. With the more than 60 gigabytes of data leaked in this now-famous hack, the average citizen was not only aware of the devastating real-life consequences of improperly securing data, but also most like either knew someone, or of someone, directly affected by the hack.
Cheating spouses aside, the widespread adoption of everything from wearable fitness trackers to smart kitchen appliances has injected a new layer of IT into the lives of the average citizen and as the reach of IoT devices continues to broaden, the importance of cyber security for both the makers and users of this technology cannot be ignored.
Legacy Environments upon New Platforms, upon New Operating Systems
One major concern for the future of cybersecurity, according to Intel Security Group Senior VP Chris Young, is the sheer, and diverse, number of new platforms and operating systems being introduced along with the newest IoT products. Add to this the interaction that these platforms will need to have with legacy environments and there is a clear cause for concern about how the data within new IoT devices is stored, secured and able to be accessed.
With number of IoT devices set to more than double between 2016 and 2020 to over 50 billion, cyber security, and more importantly, application security, could play a major role in how fast different verticals of these devices are adopted.
All it could take is one major breach in an emerging market of IoT to immediately stem the public adoption of a technology that is designed to make our lives much better.
An example of this could be a smart medical device designed to automatically administer life-saving drugs to patients with a stigmatized, communicable disease. If hackers were able to gain access to the database and steal the inform either to sell the confidential information on the darknet or even demand a ransom from the victims to keep the information private. In a case such as this, the damage would be irreversible.
While HIPAA was created to help ensure that Protected Health Information (PHI) is secure within electronic technologies, the amount of interactions that emerging technologies may have with existing legacy platforms could result in security gaps through web portals, unpatched mobile software and more.
The Future of Cyber Security will Demand Larger Budgets
As new platforms, and operating systems, for connected devices continue to spring up, security budgets for all organizations involved will need to grow exponentially. As everything from transportation to food preparation becomes interconnected, the digital landscape will become endlessly broad and undefined. As a result, Intel Security Group Senior VP Chris Young has no doubt that security will need to be more complex and faster moving than any other aspect in the IT stack.
The Future of Application Security: A Secure SDLC
As hacks grow in sophistication, and volume, there are serious doubts about how secure we will be able to make the myriad of connected IoT devices that are beginning to automate and change the way we live.
The risks posed by unsecured IoT devices remain a serious cause for concern, especially as these devices continue to emerge in the workplace. While IoT devices continue to become more complex in their design (amount of sensors, ranges wearable computing and even machine to machine and vehicle communication), the key is to ensure that the applications which manage the transmission, access and storage to the data, are always protected. The most efficient and reliable way to ensure this is by ensuring that the Software Development Life Cycle (SDLC) is secure and vulnerabilities are identified, and mitigated, at the earlier stages, rather than the later stages as the application nears production.
This can be accomplished through Static Application Security Testing (SAST) will save the organization immensely in terms of resources as vulnerabilities detected at the later stages of the SDLC can cost up to 100 times more to remediate that those detected at the earlier stages. Additionally, a properly secured SDLC will allow for vulnerability and quality testing to become automated which adds yet another layer of security for the application.
While it’s unclear as to what responsibilities future IoT devices will have, and what roles they may place, it’s certain that the application developers will need to ensure that cybersecurity is a major focus throughout the development process and the first step in achieving this is securing the SDLC.
In part 2 of this post, we will examine other aspects of the future of cybersecurity with a focus on nano IoT, the role behaviour recognition will play in the future of passwords, state-level security threats and more. Stay tuned.