5G is coming – and with this new digital landscape we can expect an exponential increase in IoT devices. This presents new challenges in regard to cyber security; as many are well aware, devices that connect to large external WiFi or Cloud networks can be at risk. Until recently, enterprises have accepted that they can afford to leave some IoT devices vulnerable, so long as they protect critical information. However, as IoT devices become more integral to IT operations – and thus increasing in number – this is no longer the case.
As such, these devices will have greater control over key assets and crucial data. From smart cities to our homes, factories to businesses, IoT devices will have greater influence over everyday life. Therefore, the importance of protecting such assets increases. This is not only because they have great influence over various aspects of our lives, but also because if one is compromised, many others are left vulnerable. In this article, we explore how cyber security experts are attempting to tackle these issues in the new 5G reality.
Table of Contents
Why IoT devices are particularly at risk
The reality is that the existing tools do not have the capacity to manage a large number of IoT devices and their associated assets in a centralised way. This is because these IoT devices have a huge variety of very specific OS (operating systems) and the ability to connect over a wide variety of technologies (WiFi, mobile data, LANs, WANs, Cloud, etc). Subsequently, the enormous amount of data that IoTs gather and manage is put at risk from numerous angles. The reality is that right now, there isn’t a way to detect risk at an early stage and implement traditional preventative measures like firmware updates, patch, or connection rules to protect assets from attackers.
How cyber security experts are attempting to meet these challenges
However, it’s obvious that cyber security experts need to address these challenges. In principle, the answer appears to be new approaches to risk assessment. Whereas previously traditional methods like the CIA triad (confidentiality, integrity and availability) were sufficient, now, questions around liability render these approaches outdated. To consider an example: Early prototypes of self-driving cars connect to various sources of information, mainly gathered by IoT devices, to make driving decisions. However, if the car is an accident, who is liable? The owner or the organisation(s) supplying and protecting the information? This will increase the relevance as more IoT devices are added to the road infrastructure and provide direct information to the cars and drivers.
The truth is, this complex supply chain of information means that the buck doesn’t stop with the end service – especially as there is no regulation or laws to enforce security on the various devices and actors in the supply chain. As such, there needs to be a drive towards a regulatory framework that covers the complexity of the supply chain from IoT manufacturers to software solutions. Therefore, regulatory bodies need to work with cyber security experts to create systems that properly manage information and digital technologies end-to-end, using artificial intelligence (AI) tools that can manage the complexity.
Why risk assessment is the key to greater security
In light of the dawn powerful 5G wireless networks, the cyber security standards we maintain today need to be reappraised. Now, we need to go beyond a holistic view and consider how the loss of each individual asset or function will affect the wider network. To appraise this, we need to ask how and why; who is more at risk? The user, the IoT device data, the manufacturer, or indeed, society? With these questions, we can assess the risk of storing assets on these devices. After all, if you can’t trust an app or device, then you probably shouldn’t use it.
For instance, many people use smartphones for simple tasks like maps and messaging. However, if an app is shown to be vulnerable or untrustworthy, users will abandon it. Take Facebook’s recent major data breach; since data from 50 million users was exposed last year, the social network has fallen out of favour. This is a basic example, but what it serves to illustrate is that usage itself can represent risk. Thus, organisations must manage risk. On an enterprise scale, companies need to carefully consider the balance between usage, convenience and security throughout their information supply chain.
Antonio acts as Subject Matter Expert in Security and Corporate Resilience: cyber and Information security, operational risk, business continuity and crisis management, physical security, health and safety, SOC and NOC. He has a strong experience in reducing the overall operations risk exposure to the organizations and countries, using strong controls, people, processes and technology to mitigate existing and evolving global threats.
Antonio is a senior leader in delivering results across a broad and complex portfolio, working with diverse teams, and complex environment of stakeholders, often in demanding and high stress and fast pace in international environments, with over 18 years broad experience across several industries, working across a wide range of cultures (over 20 countries) in Europe, Africa and Latin America.