Is IoT turning into the 'internet of threats'?


network (GraphicStock)

Image (GraphicStock) - Networks


  During the announcement of an upgrade to an industry solution in Malaysia, a network cybersecurity specialist player noted the sharp rise of attacks linked to IoT (internet of things) devices.

Recent media reports of IoT-based attacks have spotlighted the massive scale of attacks made possible by weaponising billions of devices, which can be used to disrupt the digital economies of entire countries and millions of users.

These issues are compounded by the lack of basic security features and management capabilities in many IoT devices, said Michelle Ong, Fortinet's Malaysia country manager.
Ong said this represented "a major challenge for enterprises in Malaysia today whose data needs to remain secure as it traverses many types of devices and environments, from tablets to cloud applications."

"Malicious cyber actors have been increasingly targeting the billions of IoT devices online today, essentially turning the Internet of Things into an Internet of Threats," she added.

Visibility and control

Ong (pic below) pointed out that Malaysian companies were hampered by a lack of visibility and control. "Current point products and platform security solutions lack the visibility and wider network integration necessary to see, let alone secure, the IoT attack surface."

Michelle Ong, Country Manager for Malaysia, Fortinet (2017

"It is critical that today's enterprises implement security solutions that can identify, understand, and protect their infrastructures from the massive attack surfaces created by IoT," she said.

Ong moved on to include the company's offering. "[Our] Security Fabric arms Malaysian enterprises with proven security capabilities today, while providing a foundation for the visibility and automation required to maintain an effective IoT cybersecurity posture in the future."

Why a security fabric? She said: "Malaysian enterprises need to consider three strategic network security capabilities to harden their infrastructure against IoT threats." These are:
1. Learn - Complete network visibility is critical to securely authenticate and classify IoT devices, build risk profiles, and then assign IoT device groups based on identified trustworthiness.
2. Segment - Enterprises need to be able to segment IoT devices and communications into policy-driven groups and grant baseline privileges suitable for the specific IoT risk profile.
3. Protect - A fabric solution, which is automated, provides the required capability to correlate IoT security incidents and threat intelligence to deliver a synchronised response to IoT threats. It also ensures that compromised IoT devices can be quarantined and remediated at multiple points within the network to contain threats and ensure that malicious traffic never reaches critical IT systems or enterprise data.

Ong said the company's security fabric was being used "by some of the largest enterprises and government organisations in the world to secure their critical IoT devices, spanning industrial applications and public utilities."

The first version of this article appeared on Computerworld Malaysa on 16 February 2017.