Cybersecurity will continue to be a challenge for CIOs and their IT teams this year as they have to keep up with rapid global digitalisation while ensuring that the organisation is secure. CIO Asia spoke to industry experts to find out the top security threats for 2017, and what organisations can do to avoid becoming victims of such cyber attacks.
IoT security will be in the spotlight this year
According to Gartner, more than half of major new business processes and systems will incorporate some element of IoT by 2020. As such, IT/security leaders need to think of ways to extend security to connected devices. "Similar to how printer servers were used for attacks several years ago, nearly everything in an enterprise is now connected to the internet and will need to be protected," according to Symantec.
"IoT will continue to pose security concerns, as manufacturers rush to bring new products to market despite a lack of global agreement as to how these devices should be properly secured. Researchers have already shown how a Tesla vehicle could be stolen by hacking into an owner's smartphone. And continuing the trend of malware being offered as a service, hackers have offered botnet armies for rent, giving subscribers the power to launch their own DDoS attacks," Tony Jarvis, Chief Strategist, Check Point Software, said.
Tony Jarvis,Chief Strategist, Threat Prevention, APAC, Middle East & Africa (AMA), Check Point Software Technologies
Anmol Singh, Principal Research Analyst, Secure Business Enablement Group, Gartner, commented: "Existing security best practices are unable to handle IoT exposure. IoT edge networks and devices are highly diverse and use a lot of non-IT hardware and propriety protocols. Thus, extension of IT-based security approaches at the edge of IoT remains the greatest challenge for security practitioners on IoT."
Anmol Singh, Principal Research Analyst (Secure Business Enablement Group), Gartner
"It is necessary that IoT security practitioners have a clear visibility of IoT assets, conduct appropriate threat assessment, and ensure the device hardware and software in use are attack-resistant and security-capable."
"Organisations must plan to secure all IoT access and communication channels with appropriate access control, device authentication and/or encryption mechanisms. Higher-risk IoT use cases involving crucial IoT devices demand implementation of embedded security controls. For instance, organisations should adopt trusted execution techniques that separate the execution of system-level functions from applications by creating a trusted execution environment for better power efficiency and security benefits over software-only approaches."
"High-risk IoT use cases will increasingly demand risk-adaptive authentication methods that not only are adaptive to varied levels of security risks presented throughout an IoT device's life span, but also are supportive of the performance, scalability and availability requirements of IoT," he added.
Sign up for CIO Asia eNewsletters.