Tackling the Complexities of the Connected World

Enterprise security must be a team effort

Cybersecurity trends and risks are top of mind for nearly every business leader today, and these executives are turning to security professionals within their organizations to keep pace with IT security risks while also helping secure people, critical data and physical assets. As the world becomes more connected, and risks grow more sophisticated, this is a complex undertaking for even a seasoned executive, IT expert or security professional.

Cybersecurity is a difficult and serious endeavor that forces IT leaders to find balance in managing the security of the computing capabilities that connect and enrich lives. Today’s security leaders are at the crossroads of ensuring the safety and security of physical assets and keeping critical data safe from outside threats. For enterprise IT teams to know quickly when their environments have been tampered with, they must align operational technology (OT) and IT security priorities. This strategic approach also allows for a discussion about ways to modernize security to protect legacy infrastructure systems.

Emerging network trends related to reducing the time it takes to detect tamper and the growing demand for secure mobile computing provide a call to action for enterprises seeking to transform the nature of risk assessment in an IT-driven environment.

Billions and Billions of Devices

The Internet of Things (IoT) takes shape from connecting any device with an on-off switch – smartphones, coffeemakers, automobiles, wearables, lamps, appliances, not to mention critical infrastructures, such as the energy grid or public transportation systems – to the network and to each other so that data can be shared. This connectivity enables systems to operate more efficiently, making lives a little easier. It is a co-existing relationship between people and things for the betterment of the human condition. And it is growing – quickly.

Many reliable sources are studying the growth of IoT as the world becomes hyper-connected, and there is no doubt that adoption is proliferating: Research firm IDC says that the global IoT market will grow to $1.7 trillion by the year 2020; the World Economic Forum indicates that the number of connected devices is projected to grow from 22.9 billion this year to 50.1 billion by 2020; and IC Insights predicts that new IoT connections will grow from approximately 1.7 billion now to nearly 3.1 billion in 2019.

The statistics are astounding, to say the least, and with this type of global connectivity, a growing number of security challenges will emerge.

According to research conducted by Gartner, by 2020, IoT will comprise approximately 21 billion devices. Gartner also reports that, “IT leaders will have to accommodate the differences in technologies across those areas and develop a multifaceted technology approach to IoT risk and security.”

Additionally, Cisco’s Visual Networking Index (Cisco VNI) indicates that IoT devices will dominate the network by 2018, meaning that machines will communicate over the Internet more than humans. This growth leads to vulnerabilities. The more everyday objects are connected and communicate virtually, the more we open the door to security threats.

Protecting IoT Devices in the Enterprise

Since this technology is becoming more and more ingrained into daily lives, at the very basic level, users need to be able to trust that IoT devices and the data being transmitted are secure from vulnerabilities. If entry points are not protected, the risks of cyber attacks and data acquisition by theft are very real. Further complicating security is the deployment of IoT devices that automatically connect to other IP-enabled technologies, increasing the likelihood that these products will transmit data into unsecure environments.

With more data being shared, the possibility of security breaches increases as cybercriminals see value in hacking into IoT devices, resulting in vast amounts of information from many systems being compromised. In February, hackers seized control of Hollywood Presbyterian Medical Center’s computer systems and only gave back access after a 40 Bitcoin (equivalent to $17,000) ransom was paid. According to Forbes, data breaches in healthcare alone compromised more than 112 million records in 2015.

Part of this stems from the fact that all devices trust each other, and share data back and forth without verifying source credibility. Should sensitive data get breached and fall into the wrong hands, public safety – and, in essence, security – could be compromised. Some IT and security experts propose that professional and ethical standards be established and followed so that everyone shares the responsibility of security as it relates to IoT.
It is impossible to size, much less identify, all of the vulnerabilities associated with IoT because it is still unfolding, and to date, there are no easy, one-size-fits-all solutions.

As organizations across the globe reap the benefits of the connected world, new ways must be found to enhance the security of IoT devices from both a cybersecurity and physical security perspective.

Blending Physical and IT Security

Cybersecurity risks have expanded, networks are growing, hackers have gotten smarter, and resources are typically limited by budget constraints. Privacy is also a critical topic. How can organizations meet privacy and security standards in this ever-evolving connected world? IT leaders have to work harder, and smarter, than ever to develop stronger security infrastructures, policies and strategies within their organizations to accommodate these changes. The overarching goal is not only to ensure uptime and performance of the network, but also to protect assets and corporate data. Collaboration across departments can help address how information and access to data should be controlled, as well as who should be responsible for the protection of that information.

This leads to the concept of an overarching approach to security, with cybersecurity and physical security teams coming together to ensure the safety and protection of people, assets, and information using physical barriers and technology in an IoT-connected world. Over the years, a blurring of divisions has occurred. Gone are the days of siloed IT and security operations.

Navigating a collaborative relationship between information security officers and physical security directors is critical to maintaining a high level of protection. CIOs and CISOs should also engage boards of directors in discussions of cybersecurity and risk evaluation, and build a collaborative framework within an organization’s executive leadership to address information risk. This includes incorporating technology-driven solutions and strategies to best address threats within the secure enterprise, reduce the time it takes to detect threats, and build effective response plans.

The convergence of the cybersecurity and physical security worlds has been discussed for several years, and today many leaders believe it is long overdue. New threats appear every day that make us question data protection levels, and new innovations and processes are enabling the complete mobilization of the secure data center without limiting functionality. But without combining these new capabilities with complete protection, data can easily be compromised. A dialogue between IT and physical security leaders is necessary to help business leaders gain greater knowledge of how to work together to ensure data protection.

Establishing Standards and Procedures

Cooperation between multiple departments within an organization is only the beginning.

Multiple studies on breaches and infrastructure attacks show that most can be deflected by using simple, well-known security measures.

Industry leaders must be able to communicate with multiple departments to identify vulnerabilities and work collaboratively to address these challenges. Enterprise IT teams must converge to understand when their environments have been tampered with to quickly address breaches.

Are protocols needed beyond typical cyber safety protections? Is more collaboration needed between enterprise security teams? Here are three ways to further bridge the gap:

  • Make security a priority by building it directly into the network. Include multi-layer IT and security protocols for all sensors, devices, applications, data and firmware to create multiple layers of defense with a focus on the integrity of the system assets.
  • Use analytics to determine network operation trends. This data provides detailed insight that enables users to see suspicious trends emerging, providing the ability to alert network administrators when risks are identified.
  • Be proactive by building a comprehensive security strategy that is customized to fit an enterprise’s specific needs. With the push for connectivity and mobility, security can be overlooked. Therefore, it is critical that organizations empower employees to identify potential vulnerabilities. This will go a long way toward managing risks.

The continued combination of the cybersecurity and physical security worlds will help build a holistic security strategy for connected organizations. The secure global enterprise can only be achieved when physical and information security integrate to mitigate emerging and complex cyber threats in a hyper-connected world.

Discussions about cybersecurity threats and strategies for mitigating those threats must be ongoing. IT security leaders must stay informed on the latest threats and should seek out opportunities to attend events dedicated to IT and physical security technology. These events should be used to network with leading industry voices, influencers and thought leaders in order to share knowledge that can help ensure today’s and tomorrow’s secure enterprise.

They should become familiar with the latest technology trends and ask questions specific to their organization’s challenges. And, most important, they should exchange information with their peers, leading solutions vendors, security practitioners, and industry thought leaders to grow their network and contribute to industry progress. By working in collaboration, organizations across the globe can effectively protect corporate data and networks and ensure long-term business viability.

Herb Kelsey (hkelsey@guardtime.com) is the chief architect at Guardtime (www.guardtime.com). He is a keynote speaker at the 2016 Connected Security Expo at ISC West.