We had a interaction with Kevin Du, IEEE Senior Member and Computer Security Professor, Syracuse University. Here are the things he disscussed with us.
- What are the biggest challenges that organizations face in protecting their data in the IoT landscape?
Many IoT devices do not have sufficient security protection, either because the devices are using less than adequate hardware or software, or they have not implemented appropriate security measures that would prevent an attacker from commandeering the device. It’s important to understand that IoT devices change hands dozens of times, from designers to manufactures to vendors to regulators to consumers; each stop demands a cybersecurity professional advocating for safety standards. The problem is that the security phase is either neglected or not thorough enough to prevent hacking. The recent attack on the Dyn network were from a host of compromised IoT devices, devices that were rolled out before potential security loopholes were patched. With more and more IoT devices pushed out and immediately purchased by consumers, more cybercrime is likely to occur.
- How can CIO’s and CTO’s plan ahead to secure the emerging IoT Environment?
I think it comes down to a few things. Firstly, companies need to focus on the security skills of its workforce. Increasing complexity has made protecting networks more difficult, and so until automation takes over completely, company leaders must invest in security training to close the skills gap. Other generally overlooked rules that all leaders should institute company-wide are to have the latest firmware, pick strong and unique passwords, and keep personal devices out of the workplace wherever possible.
- In the age of IoT, what new threats threats should the organizations be aware of and what can be done to stay ahead of them?
I suspect that there will be significantly more attacks on IoT devices in 2017. I suspect there will be widespread DDoS breaches, an increasing number of phishing email and ransomware attacks hitting multiple industries, like manufacturing and healthcare. To prevent these intrusions, it will come down to device manufacturers implementing scalable, robust security and privacy strategies.
- What are the most common mistakes or oversights you see brands making when it comes to cyber security?
We have to look at this from two different angles and not exactly as a mistake. First, by putting all of our data in the cloud, that data is now accessible over the Internet. This makes accessing data more convenient to users but it also make it more convenient for attackers to retrieve. Without the cloud, we store data to our own storage devices or servers, and they do not necessarily need to be accessible over the Internet. Therefore, from this angle, putting data on the cloud does make our data more vulnerable to attacks. On the other hand, good cloud service providers do put a lot of effort securing the data for customers, so they can protect our data better than we can.
- What are essential strategies organizations have to put in place in order to protect themselves?
Backup your data somewhere else, such as on the cloud or on portable drives. This way, even if your data gets locked up by attackers, you can get your data back from your backup. Keep your operating system and software up-to-date, and always install the most recent software updates. Be careful when browsing the web, and try not to visit suspicious or untrusted sites.
