A digital revolution is currently underway. Most enterprises have been accelerating the pace of their digital transformation technologies like Cloud, Big Data, AI and Internet of Things (IoT). While the benefits are obvious, the attack surface is increasing dramatically. The consequences of breaches go beyond simple data loss, or distributed denial-of-service (DDoS), it is very much a safety issue, with a potentially disastrous impact in the case of critical IoT use cases in Industrial IoT, healthcare/medical devices and automotive. As companies plan or continue their digital transformation, they must include security and safety transformation as well.
2019 has seen an unprecedented level of security attacks, including the hacks on Apple’s iOS, WhatsApp, the breach on the US Customs image database and more. Forbes estimated that 4.1 billion records had been exposed by data breaches in the first half of 2019 alone. Since the first 2016 Mirai botnet DDoS attack, we continue to see the more aggressive flavors like Satori and Torii from the same family advancing with the features to exfiltrate sensitive data beyond DoS attacks.
Security researchers from F-Secure recently issued a warning that cyberattacks on IoT Devices are now accelerating at an unprecedented rate. The first half of 2019 itself measured a 300% increase in attack traffic to more than 2.9 billion events. We have seen previous incidents where FDA announced the recall of medical devices due to cyber risk in August 2017.
This year’s publication from Wipro, State of Cybersecurity Report (SOCR) 2019 captured a summary of the attacks and breaches in six industries and provided the highlights and insights for each. Some of the key statistics included in the SOCR are:
As per the SOCR, the health industry has consistently been the most targeted sector (485 breaches); the legacy IT security is too weak to operate on Internet of Medical Thing (IoMT) devices and the breaches could affect patient safety.
Digital transformation and IoT are pushing the security professionals to rethink their cybersecurity strategies. There has been a buzz about identity being the new perimeter for some time now. Managing trusted identities for human and non-human is becoming the main step to prevent the breaches and privileged access management to protect the assets. Gartner recently defined a new category that converges the network and security, SASE (Secure Access Service Edge) that mentions Identity-driven as the key characteristic of this future security model.
Wipro’s SOCR 2019 covers IoT security, expecting a quantum shift in organizations attitudes to cybersecurity. As per this report, many organizations are struggling to adapt their traditional enterprise IT cyber defenses to address IoT security requirements. The report mentions that strong identity/authentication are key to address the IoT security challenges.
Device Authority share the same sentiment that IoT security is redefining cybersecurity to meet the requirements and help accelerate digital transformation and Industry 4.0. The limitations of the current IT security model, that evolved as an afterthought and has to be redefined, are articulated in one of our recent blogs and also documented with architecture in our Enterprise IoT Security Blueprint that you can download here.