Story image

Learning from the past to protect the future of IoT and cloud

12 Mar 2018

This year it is likely that cyber adversaries will use a known vulnerability to conduct their attacks, despite belief to the contrary that suggests attackers are developing more sophisticated threats. That’s what the team from ForeScout believes at least, and those vulnerabilities are quite accessible.

“Given how accessible known vulnerabilities are to organisations as well as hackers, it is critical to have good cyber hygiene. This is the foundation of an enterprise to prevent hackers from taking advantage of a weak link and exploiting a vulnerability before it can be patched or updated,” comments ForeScout’s chief marketing officer Steve Redman.

It’s a double-edged sword for some macro trends that are currently having a positive – and negative impact for organisations and their security challenges. They include:

Growth and diversity of devices and platforms. By 2020, there will be 30 billion devices.  There will be more new devices introduced in the next few years as there were in the first 20 years of the Internet age.

These devices serve a variety of consumer and business purposes, and, with diversity of vendors, comes a diversity of operating system platforms. This means that organisations need to have visibility and control over these devices.

Yet the challenge is in how to find tools to manage them. For tools that require agents, those vendors already have a have a difficult time keeping with the operating systems let alone the hundreds of operating systems now coming out for Internet of Things (IoT) devices including operational technology (OT). 

IT is converging with OT to drive innovation and productivity. IT is merging with OT for monitoring and improved business performance. This innovation is happening in supervisory control and data acquisition (SCADA) devices and industrial control systems (ICS) typically found in dams, bridges, oil and gas pipelines, manufacturing assembly lines, and other critical infrastructure.

Given the importance of these devices, they can seldom be taken down for maintenance or patching, and agents are often impossible to install. These networks, once separate, have now merged, leaving themselves open to new cyberthreats. As the industrial IoT revolution is taking place, organisations are realising that they don’t understand what they have connected and the risks they face. 

“Hackers now have the tools to compromise not only sensitive networks, but also critical infrastructure. It’s no longer just about data being stolen, it’s about line of business and knowing what OT an organisation has before a breach can negatively affect its bottom line and impact the company where it really hurts: critical business operations; safety; and revenue,” Redman says.

The rapid adoption of cloud to accelerate business growth. Organisations are expanding their networks into the cloud, running more virtual machines on Amazon and Microsoft, using public cloud resources and software-defined networks to make networks more agile. Organisation will have a hybrid mix of virtual and physical servers, storage, and networking technologies that need managing and securing.   

“Unless organisations adopt stronger best practices and mitigate risk appropriately, in 2018, we will likely continue to see the same types of threats prey on networks. However, the stakes are much higher today as there is more at risk,” Redman concludes.

Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.