CyberUK 2017: Internet of Things poses a threat to businesses

New research launched at the National Cyber Security Centre’s annual CyberUK conference has revealed that hackers are targeting wearable devices and healthcare apps to hold businesses and consumers to ransom

by the commentator on 16 March 2017 10:11

Capture

UK security leaders have called for tough action to tackle the rising threats posed by the Internet of Things through increased security on connected devices. The calls come as the recently launched National Cyber Security Centre (NCSC) hosted its first annual CyberUK conference and unveiled research warning that hackers are targeting wearable devices, voice-activated gadgets and the Internet of Things (IoT).

The conference’s keynote address was given by NCSC chief Ciaran Martin who hailed his organisation's links with industry and academia.

Responding to the warning around IoT threats, David Mount, director of security solutions consulting EMEA, Micro Focus said, “As this report demonstrates, the IoT is ushering in a new era in security terms. It’s positive that issues like ransomware and IoT security are now part of the national conversation, but we still have a long way to go to encourage connected tech companies to build security into IoT products from the start. All too often device vendors prioritise usability and customer experience over security, and that is putting consumers and businesses at risk. Quite simply, IoT security can no longer be treated as an afterthought."

The warning was echoed by  Raj Samani, CTO EMEA at Intel Security who said, “Given the huge competition in the growing IoT and wearables market, there is a huge rush to get these products to the market, which means that manufacturers often rely on third-party code libraries to shorten the development process and reduce costs. This haste and reliance on third-party software is where potential security threats can arise. When rushing to beat competitors to the shelf, code is often thrown together with minimal testing, relying on after release patches to correct bugs that show up. When developers are pressed for time, security is often left on the back burner. That is if security is even thought of. We have seen a number of consumer products shipped with gaping security holes that have gone unpatched for years.

"Wearable devices are designed to follow the user wherever they go, making the data inherently sensitive. This makes them a prime target for ransomware attacks, where cyber criminals blackmail users for their sensitive data.”

Joep Gommers, CEO, EclecticIQ said, “Today’s report from the NCA and NCSC is a welcome initiative in making the UK a world leader in cyber security. The report stresses the importance of collaboration and the sharing of knowledge if we are to fight against the evolving threat landscape, which is something I’m keen to see more of over the coming months and years. Thankfully, the way we share information is already starting to change. Standards are maturing, technology is maturing, and there is a big push from government to set up collaborative initiatives to ensure the public and private sectors are sharing insight on threats.

“Openness is key to establishing trust. As such, support for open source standards like STIX and TAXII need to sit at the core of the fight for true threat intelligence. However, the use of these standards and the exchange of intelligence often is still very much a conscious effort and not yet a default modus operandi – like recycling, a practice that was once ignored and then slowly adopted, is now commonplace and assumed. One organisation’s reactive, becomes another’s proactive.

“Transparency is vital to success in business and embracing a stance of openness cannot only improve a business’s view of cyber threats, but can also fuel a wider cyber intelligence revolution. Only if organisations and government departments work collaboratively do we stand a chance of getting one step ahead of the bad guys", concluded Gommers.

Comments
blog comments powered by Disqus