Search this website
The rise of IoT devices has made the importance of active cybersecurity more significant
By Burgess Cooper
Digital transformation is impacting the way we do business. As companies embrace the digitised environment, security needs to be considered as an integral part of the plan and not as an afterthought. As systems grow more complex, become more interconnected, and handle more information, their exposure to vulnerabilities will increase. It could be due to malicious intent or a normal human error.
Consumerisation of IT has blurred the lines between personal and enterprise computing devices, wherein enterprise mobility will impact the entire enterprise IT ecosystem, anywhere across the globe. While the hyper-connectivity makes access to information much easier than earlier times, the emergence of physical devices embedded with technology is making many a business susceptible to cyber-attacks.
One of the key challenges that the industry faces is that most Indian companies look at cybersecurity as an “IT issue” which leads to a lack of management attention. The likelihood of a cyber-attack is at its peak currently as organisations are automating their operations, and increasing their online presence and cloud usage. Interesting to note is the fact that many a times the enemies lie within the organisation’s boundary.
Impact of the Internet of Things (IoT)
The emergence of IoT is creating a pressure on an organisation’s capabilities. We will highlight some of the issues that the organisations face:
Challenges related to the number of devices
Most organisations struggle with the huge number of IoT devices. Within a short period of time, these devices will become part of their networks – many already are. It is interesting to note that in our recent survey 55 percent of the organisations said that they are concerned about poor user-awareness and 40 percent are concerned about their ability to know all their assets.
Challenges related to the increase in data traffic
Organisations are doubtful that they can continue to identify suspicious traffic over their networks. 50 percent of the organisations said that it is difficult for them to be able to find hidden and unknown “zero-day attacks.”
Challenges related to the ecosystem
23 percent of organisations are facing difficulties with respect to monitoring their ecosystems. As this will continue to grow – the volume of data will also increase and therefore will require stringent protection measures.
Need for stronger cyber-security measures
With many a cyber-breach incidents being reported lately and the government’s prerogative to invest on cybersecurity and digital transactions, we noticed that the organisations have improved their capabilities significantly in recent years – where many are using cyber threat intelligence to predict cyberattacks, installing continuous monitoring mechanisms, such as a Security Operations Center (SOC), identifying and managing vulnerabilities, and installing active defence. They have become more confident in their ability to predict and detect a sophisticated cyberattack.
While this is definitely a step in the right direction, many still lack basic security systems and processes which put their employees and suppliers at risk. 33 percent of organisations in India, still, do not have a SOC, compared to 44 percent globally while 55 percent do not have, or have only an informal, threat intelligence program.
It is impossible to detect the callous behaviour of cyber criminals. Their actions are difficult to understand as they have a very different set of values and are motivated beyond monetary gains as reason!
Some are just looking at mere headlines. Just like we are protective of our physical surroundings, we need to build a similar atmosphere for our cyber ecosystem – especially when we are growing as a cashless economy where we will very soon rely heavily on IoT.
Not investing in cybersecurity, will put not just put the organisations and the government at risk but also the individuals. We need to become smarter in detecting and pre-empting these attacks and need to build an active defence to predict these threats. Organisation will need to invest in sophisticated analytics to detect early warning signals.
The author is a Partner, Cybersecurity for Ernst & Young, India