Organisations need to consider the increased exposure to cyber threats when embracing the internet of things (IoT), according to Cisco.
“There’s a lot of work still to be done to take this vision and make sure it manages all the risks that are out there," said Bret Hartman, vice-president and chief technology officer for the security and government group at Cisco.
“What do I trust?” he said. “I can’t address security by dropping in a firewall box, so how do I make security pervasive and cover the entire network?”
Because the network for IoT is so large – connected cities or healthcare and wellbeing devices which talk to each other, for example – the attack surface becomes enormous and the odds of hackers being able to successfully intercept data become higher.
WHAT CITIES NEED TO DO TO SECURE THEIR NETWORKS PRIOR TO EMBRACING IOT
Bret Hartman, vice-president and CTO of Cisco's security and government group, shares three security tips that city authorities should think about before embarking on a connected city project:
- “To deal with the threat, you need visibility,” he said. “You need to be able to see what’s going on.” Hartman said it is imperative to be aware of who is accessing different devices and how they are used.
- The second area to concentrate on is analytics. “If you have that visibility, what are you going to do with it?” Hartman said it is easy to become buried in a sea of data, and that you need the right types of tools to analyse the data.
- Lastly, cities must concentrate on securing the IoT network as much as possible, rather than trying to secure individual devices.
“Eliminating vulnerabilities is impossible,” said Hartman. “If you can’t trust every application, how do you experience the fantastic benefits of the IoT and balance the risks?”
From a technical perspective, Hartman said securing the IoT isn’t very different from securing big distributed systems, but with IoT it’s a bigger surface and attacks are likely to be more successful.
He said organisations should put extra security into the network rather than trying to secure the multiple devices in an IoT ecosystem.
“Put security into the network and watch how devices communicate,” he said. “You can see what is acceptable communication and what is dangerous.”
He also suggested securing the different endpoints, including Windows, Android and Mac.
During the Cisco Live conference, the supplier also announced its intention to acquire security IT company ThreatGRID.
ThreatGRID offers advanced dynamic malware analysis and threat intelligence technology, both on-premises and in the cloud, which helps organisations proactively defend against and quickly respond to advanced cyber attacks and malware outbreaks.