Story image

IoT security: prioritise, practice, and predict

11 Apr 18

With an influx of new smart home devices having entered Australian shores in the first few months of 2018, many Australians are welcoming these new convenient helpers into their homes.

Not too far removed from our personal lives, Australian businesses are dipping their toes into the Internet of Things (IoT) to gain benefits such as efficiencies and operational insights, from production flow monitoring to inventory management.

On the security side, IoT poses a tangible risk, however. As we continue to entrench our personal and professional lives with more ‘connected things,’ we drive both new levels of innovation, and at the same time, open ourselves up to a security minefield.

Regrettably, Australian organisations are already struggling even without this added layer of risk. In a recent report, we found that Australian companies face some of the highest numbers of IT incidents per month globally, and feel they are just about managing or struggling to deal with the volume of events.

It is therefore not particularly surprising that security in operational technology (OT) still remains the laggard. These systems used to control valves, conveyors and other machines to regulate variables such as temperature or pressure are critical to many modern organisations. However, the convergence of IT and OT opens up new attack surfaces.

Hackers have quickly learned the value in targeting OT which can bring business operations to its knees with shutdowns, equipment damage, supply-chain disruption, revenue losses and safety risks.

Finding a way to collect, store and analyse IT and OT data in silos is reasonably simple. Practising an analytics-driven approach to security by gathering relevant data from disparate sources to convert it into actionable insights, however, is a whole different ballgame.

To tackle some of these issues arising from the influx of new data sources, we recently developed our own solution that helps organisations in industries such as manufacturing, energy and utilities monitor and analyse industrial IoT data in real time.

Data gathered from IoT devices can empower businesses to take action across the whole ecosystem in real-time. This device-generated data provides a whole new lens to not only the industrial engineers but also security analysts; a real-world view for a proactive stance to investigating and responding to a breach or infection.

With data, one thing is certain: maintaining a consolidated view of what’s taking place in your network at any given moment is now a necessity. Each ‘connected thing’ opens new doors into personal intelligence, corporate intelligence and even public safety. Through these doors, we open ourselves up – as individuals and organisations – to new weaknesses hackers could exploit.

It is imperative for Australian businesses and decision makers to take this risk seriously.

Article by ‎Splunk Australia and New Zealand area vice president Simon Eid

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.