How IoT is reshaping the cybersecurity landscape
连接设备的兴起导致了当今网络安全局势的新挑战。随着设备威胁和网络犯罪分子的人数的增加,物联网安全已迅速成为全球企业的首要关注和重大问题。如果组织想继续进行创新,他们将需要投资于网络的增长,适应更改和定位物联网安全作为其关键优先事项cybersecurity playbook. They need it to produce data about their products or services, to more efficiently control processes and vastly improve customer experiences. It’s here to stay — even with all of its inherent flaws.
It’s a numbers game
庞大的连接设备仅提供更多的攻击向量和机会。而且该行业直到最近waking up to the need for improved securityfor this growing behemoth that poses significant risks.Gartner预测到2020年,将有超过200亿个联系的事物,这一数字现在看起来很保守,因为所有垂直行业中的公司都看到了连接数据的潜力。从拖拉机上的传感器到智能门锁或环境监视传感器,所有这些都是潜在的漏洞和网络通道和信息的网关。
赌注正在上升
In the acclaimed series机器人先生,黑客在服务器室中利用温度传感器来引起爆炸。在虚构的情况下,前提强调了物联网设备控制物理环境时的风险。传感器管理温度,湿度,制造中的化学水平以及必须专业控制的许多其他物理水平。考虑一个带有传感器的静脉注入液,该传感器控制患者根据附着的身体传感器接受的药物量。该类型的机器的利用和后续错误将是灾难性的。
The stakes are high, and security controls for IoT must exponentially increase in order to provide the right protections. Previous data breaches could be damaging to the brand and cause financial harm, but they didn’t involve actual physical safety. IoT connections that relate to thepersonal safety or possible harmare now ripe targets for hackers looking to conduct ransom or even terror organizations searching for remote attack methods.
New data is produced
IoT produced data is also becoming more and more valuable. Cities use traffic management data to plan construction routes. Health insurers use connected data to determine coverage levels and other adjustments. Product manufacturers might be pulling in invaluable user data from their connected things — data that would release trade secrets if exposed.
数据本身更加“打开”,并设计为协作。在传统网络中,数据与某个应用程序相关,因此您可以在使用信息但不共享信息的地方获得经典的筒仓。物联网从测量,传感等中创建数据,但是数据可以由各个部门和人员使用。尽管它的开放性对于现代企业来说是必要的,但这也意味着更多的信息又有更多的信息,这反过来又产生了可能开放攻击的脆弱点。还有一个问题是,当收集有关个人客户的信息时,谁最终拥有数据。例如,智能温度计习惯上的数据是否属于用户或制造商?那血压读数呢?这些类型的问题进一步使IOT数据的安全性变得复杂。
New types of attack methods
A large business might operate hundreds of connected security cameras. A hacker could find an exploit for the camera and then target the connected router. Through some sleuthing, the hacker could find out the router’s address and other data, and then explore further vulnerabilities. Once he has compromised the router, then the bad actor can maybe reach a file server and then grab valuable data. The problem is these types of actions are difficult to spot without the right security tools in place. Such possibilities are shifting how firms think about connected devices and the downstream implications of so many avenues into the network. Many IoT devices are also controlled by one-time password systems, which further open them up to exploits. Organizations should utilize the latest password key management tools that require multiple routes of authentication and allows users to use unique resources to create security keys.
该行业将需要生产新技术,例如加密协议,这些技术非常适合物联网设备,并鼓励更广泛地转向a security-focused culture. There’s also a pressing need to stem the tide of ransomware by improving patching and updating.两因素身份验证and the use生物识别技术and advanced digital certificates are also needed to restrict access to only authorized users. Senior leaders and IT security professionals need to work together to employ best practices in their corporate environment in order to mitigate threats and attacks. Additionally, technology training is essential for all staff members and should occur early and often to create a front-line defense against hacking exploits that are due to human error. Security solutions typically occur after widespread adoption, as companies are eager to explore functionality, but at the expense of strong security. However, if the 20 to 30 billion coming connected devices are to prove beneficial, then firms need to embrace proactivity.
所有的物联网议程网络贡献者都负责其帖子的内容和准确性。意见是作家的,不一定会传达物联网议程的思想。