The time isn’t far away when everything in our lives, from furniture to coffee pots, will have the ability to be “smart.” Various reports estimate that there will be anywhere between 30 and 200 billion internet-connected devices by 2020.
And with the dollar value of personally identifiable information going up, the focus of the cyber-attackers has changed in recent years: As they begin to realize the value of personal data, hackers have focused on commoditizing the information that is often readily available on connected devices.
As the focus of the attackers continues to change in the face of IoT proliferation, the challenge will be how to mitigate attacks beforehand, said Sam Phillips, VP, general manager, CISO at Samsung Business Services.
“The real challenge is to figure that next step out,” Phillips said during a recent panel discussion titled “Mitigating Cyber Risks in the Growing World of Internet-connected Devices” at the MIT Sloan CIO Symposium in Cambridge, Mass. “If you can do that, you have removed the financial incentives around those [data].”
As companies move into IoT, it is important to be cautious and architect security processes well before products are deployed, Phillips added.
Modern data security challenges
There is no doubt the surge of Internet-connected devices is creating a varied range of new attack surfaces for hackers: Markets and Markets forecasts that the Internet of Things (IoT) global security market will grow to $28.90 billion by 2020.
As we look forward to a more connected future, organizations have to be prepared to combat increasingly sophisticated cyberattacks. One upside to the surge in cyberattacks is that more companies are implementing security controls from the beginning to protect and secure their data, panelist Roota Almeida, head of information security at Delta Dental of New Jersey, said at the session.
To offset the risks associated with widespread digitization and IoT, many companies today are applying advanced big data analytics like machine learning to predict cyberattacks and understand the tactics and techniques used by their adversaries. The analytics data also helps them respond to and recover from such attacks more quickly.
“In machine learning … the whole goal is to take human speed out of the equation and operate on network speed, so you can stay not too far behind the adversaries,” panelist Mark Morrison, CISO at State Street Corp., said at the session.
One of his challenges at State Street is to show how security in a digitized world is an enabler for the business, he added.
“Security should be sold as a sector,” Morrison said, adding that financial organizations “should not monetize and sell security as a product; that’s something we provide to our clients for doing business with us.”
The future of cybersecurity
Panelists agreed that when it comes to mitigating modern cyber risks, being compliant alone does not guarantee security. To be secure, companies need to address many other components even after regulatory compliance has been taken care of.
Phillips and Morrison agreed that security will get better with time, as companies grow accustomed to the new threats.
“We are growing at a faster rate than our adversaries,” Morrison said.
Almeida, however, said that in the future the security situation will be different but not necessarily better. The “bad guys” will simply go after the information available then, she added.
Another major challenge that companies face today is the lack of talent in the security sector, said panelist Tom Eilers, Eastern U.S. director of Intel Security’s Government and Education Solutions, at the session. There is a 40 percent deficit in available talent and that number is expected to rise in a couple of years, Eilers said.
Academia has to continue to generate next-generation coders and cyberwarriors, panelists suggested.