The Internet of Everything (IoE) is accelerating, creating significant opportunities for organizations, individuals, communities, and countries as more things come online – along with the people, processes, and data that interact with them. Building on the foundation of the Internet of Things, or IoT, that refers to the connection of physical objects only and doesn’t include people and processes, the IoE presents new challenges, particularly when it comes to cybersecurity. The IoE doesn’t just require networked connections but secure networked connections in order to capitalize on the estimated trillions of dollars of value to be gained globally over the next decade.
To help cybersecurity professionals cut through the hype and gain a better understanding of what to expect as the IoE continues to evolve, these top 10 observations might help:
2. The attack surface will expand. With billions of new devices now connected to the IoT (including smart meters, heating and air conditioning systems, health monitoring devices, remote sensors for gas and oil lines, etc.) and more devices connecting all the time, the ability to gain visibility into these attack vectors, let alone close them to malicious actors, is increasingly difficult.
3. Threat diversity will increase. Due to the variety of objects adversaries can target, many of which are in insecure locations, attackers are able to devise new methods the cybersecurity industry has yet to face and blend sophisticated techniques to accomplish their mission.
4. Threat sophistication will continue. Threats have already become stealthier, evading initial point-in-time detections and using nearly imperceptible indicators of compromise to reach their target. Cybersecurity systems that rely exclusively on point-in-time defenses and techniques can’t keep up with unfolding attacks.
5. Remediation will become more urgent and more complex. When an attack does happen organizations can’t necessarily isolate a system because the cost and implications of shutting it down may be greater than the cost of an infection, presenting serious tradeoffs between protection and continuity of operations. Remediation methods will need to support a focused approach to quickly detecting, scoping, and containing a threat, cleaning up systems, and bringing operations back to normal.
6. Risk and impact will escalate. Sensitive data and personal information is flowing between process and business domains – from and through billions of connected devices, in secure and insecure locations throughout the world. The vast majority of these devices and domains rest outside the secure embrace of the IT and OT networks. In an OT world, the impact of a breach can be much greater. For instance, if a hospital or medical care facility is attacked and systems needed for patient care or life support are impacted, the outcome is more severe than a computer system infected with malware in an IT environment. The ability to protect this data wherever it goes and however it is used must be addressed.
7. Compliance and regulations will mount. Regulatory bodies are requiring tighter security and privacy controls than ever before, which is affecting a growing number of industries. If unable to effectively and efficiently meet these requirements, an organization’s ability to gain value as an active participant in the IoE will be limited dramatically. In addition, as more devices are connected, lines of ownership and responsibility will become increasingly blurred. This introduces new challenges for managing and maintaining compliance with regulatory requirements.
8. Visibility will be paramount. Cybersecurity professionals need to see a real-time, accurate picture of devices, data, and the relationships between them, in order to make sense of billions of devices, applications, and their associated information. This requires more automation and faster analytics; humans won’t be able to scale with the environment.
9. Threat awareness will become the focus. In this amorphous perimeter, cybersecurity professionals need to presume compromise and hone the ability to identify threats based on understanding normal and abnormal behavior, identify indicators of compromise, make decisions, and respond rapidly. This requires overcoming complexity and fragmentation in technology environments.
10. Action will need to be swift. Upon identifying a threat or anomalous behavior, cybersecurity professionals need to be able to take action. This requires the right technologies, processes, and people working together and swiftly to be effective.
The IoT doesn’t replace the existing IT or OT networks; rather, it supplements these networks and relies on them in many ways. We need to build on these existing networks and existing network security but also bring a new perspective, recognizing that since every aspect of the network is now working together, our cybersecurity and physical security solutions must also work together with a coordinated focus on threats.
What’s needed is a new, threat-centric security model that is as pervasive as the IoT and the threats themselves. This threat-centric security model must span a range of attack vectors and address the full attack continuum – before, during, and after an attack. With this model we can protect computer systems, networks, and data. And for many enterprises involved in industrial control and automation activities, we need to extend this same model to better protect operational systems that are the lifeblood of the enterprise and in many instances, our daily lives.