By Danie D. Taylor
Business and IT leaders understand that in this era of BYOD programs, employees present constant security threats. Device mismanagement or poor Internet etiquette could lead to data leaks or network infiltration. But let’s not forget the newer threat on the block. Advancements in the Internet of Things means IT staff looking to address breaches may soon ask “et tu, network?”
The cost of convenience
The Internet of Things brings unprecedented convenience to those who choose to be connected. Fitness trackers, smart thermostats and pill bottles that light up to remind patients to dose are all examples of the Internet of Things at work. The devices, gadgets, machines and other “things” you use are being redesigned with the ability to communicate with each other. Since everything on your home network is linked, it’s important to practice safe connecting:
- Know what you have. Be aware of how many devices are tapping into your network. Each one represents a potential breaching point.
- Pay attention to device security features. Make sure they’re enabled and keep the software up to date.
- Configure your router’s firewall properly. Your router is what connects everything in your home to the outside world. It’s your first line of defense. But it only works when deployed properly.
When it comes to cybersecurity, what’s good for the home is not nearly good enough for the business. Security expert Teresa Law calls the Internet of Things a big game changer. “It increases convenience but it also increases risk, it means that attackers have more opportunity to steal our information or sensitive corporate data. It makes ensuring that the right people gain access to the right information even more important.“
Criminals want in
Security analysts called 2013 the year of the mega breach. There was a 62 percent increase in breaches from 2012. Of those, eight breaches each exposed the identities of more than 10 million people. In addition to the magnitude, the duration of attacks can be disastrous. It can be months or years before an attack is discovered. Cyber criminals are becoming more sophisticated and changing their tactics. Symantec’s 2014 Internet Security Threat Report says small to midsize businesses are being targeted at a higher rate than larger businesses. Additionally, cyber criminals are targeting web-based and mobile platforms and applications.
Security analysts say the answer is more communication. Traditionally, corporate IT structures kept teams separate. Each operated in a silo and was responsible for protecting its assigned portion of the corporate infrastructure. But data does not only move vertically. It travels as it needs to – touching network, application and storage environments. Ignoring those connections is dangerous.
“Malware could be spread from machine to machine,” suggests Law. “Attack techniques will no doubt change and therefore security will also change.”
Change is key
In Symantec’s report, The Cyber-Resilient Enterprise: Harnessing Your Security Intelligence, analysts say the best bet is a strategy, not a solution. They recommend an integrated approach through increased security intelligence. That means sharing information about threats and vulnerabilities and leveraging security services business-wide. Companies should strive for a partnership between IT, security and business leaders. A strategic relationship will help security and technology work together toward reaching company goals.
Organizations will always face cyber threats. It’s impossible to permanently eliminate them all. Still, a comprehensive organization-wide strategy will help businesses that face these attacks remain agile and respond quickly.
Danie D. Taylor is an Emmy ® Award winning journalist, content producer and blogger based in San Francisco.
