Exploiting internet of things (IoT) technology without creating cybersecurity vulnerabilities is one of the defining challenges in today’s security landscape.
Axis communications has commissioned a white paper on the subject. Written by James Willison, Founder of Unified Security Ltd and Vice Chair of the ASIS European Convergence/ESRM Committee, and Sarb Sembhi, CTO and CISO at Virtually Informed, Converged Security Management: A single view on security risks examines the rise of the IoT, why third parties should adhere to ‘secure by design’ principles and why the necessary convergence of IT and security departments demands a holistic approach.
The IoT revolution has come about thanks to falling component prices, global mobile device adoption, improvements in telecoms infrastructure and the rise of application programming interfaces (APIs).
Unsecured and therefore vulnerable devices are now easily searchable through online vulnerability search engine Shodan, among many other means. A series of cyber-attacks targeting such devices as conduits to wider corporate networks has exposed the complacency of some manufacturers over cybersecurity.
The consequences of successful breaches – the loss of sensitive data and potentially multi-million pound fines levied for breaches of the forthcoming Global Data Protection Regulation (GDPR) – mean the issue is finally getting the attention it warrants.
The arguably lower standards of security for consumer devices is a problem, as is the use of third-party suppliers who may not take security as seriously as they should.
According to the Department of Homeland Security, “this inter-connectedness of devices introduces cyber-physical technologies that connect cyber systems to physical systems, thereby removing the barrier between the cyber and physical worlds […] but the greater connectivity also expands the potential attack surface for malicious actors.”
James Willison BA MA MSyI
Sarb Sembhi CISM
Free Download: Security sector insights in the age of terror and the cyber-attack
This round-up of articles, which distills several presentations from IFSEC 2017 to their key tips and insights, focuses on counter-terror and cybersecurity – especially regarding physical security
systems – as well as drones, access control trends and CCTV procurement.