Maura O'Brien The internet of things (IOT) is the future of our technology landscape. Essentially, the IOT is comprised of dozens of devices that can talk to each other and interact in a way that will make our lives easier. Take the Nest thermostat for example, it synchs wirelessly to your smartphone and adapts to your usage habits by syncing your phone and thermostat to your house. Devices that can adapt to our behaviors and talk to other devices will change the way we interact with our world- whether it’s at home, in the workplace, or at school. As a student in the technology field the term “internet of things” is a term I am familiar with, and I predict will be a concept that I encounter in the workplace in the next couple of years. Many experts however are not as familiar with how to secure such technologies. Mark McLaughlin, chair and CEO of Palo Alto Networks, commented on the careful balance between fostering innovation while clamping down on possible attackers when it comes to the IOT. Given the vast capabilities of the IOT, there are a multitude of threats we don't even know exist yet! However, McLaughlin successfully narrows down some key takeaways about what we know thus far about IOT. He states that since there are many interconnected devices in the IOT, more focus should be put on securing the network in addition to securing the devices. This will be especially necessary for enterprises, and will call upon government and company cooperation to have consistent and effective widespread protection against hackers and other threats. Similarly, government intervention requires a balance between oversight and autonomy for the companies to continue to expand and innovate. It is important that the government starts discussions about the future of the IOT, and companies keep open communication to foster debate between the government and the private sector. Similarly on the enterprise level, security of these devices should be kept up to date and closely monitored given the devices individual life cycles so that the network of “things” are secured. It will be exciting to see what the future holds and how can leverage the devices we use to become even more useful in our daily lives.
0 Comments
Maura O'Brien Countless times throughout my childhood I remember the routine family text my dad would send out- that our credit card number had been stolen. While a seemingly minor inconvenience, our credit card account would be on hold for at least a week until our new credit card would arrive in the snail mail. Similarly, the thought that a criminal stole my parent’s information in a way unknown to us was unsettling. Now that I am entering into the adult world I think of the privacy of my identity and the integrity of my credit card account. Thanks to chip readers, security when making a physical payment in store has improved, but what about online shopping? Vendors are moving to the online business model by the drove, and hackers are at the ready to breach customer data through virtual transactions. A quick read through of the article “Cyber Threat to Payment Industry Demands Multi-Layer Defence” outlined new trends in tech that can mitigate online threats to the financial sector. Mastercard has been spearheading efforts to roll out a predictive tool, The Early Detection System (EDS), which I believe is the future for credit card companies . EDS targets high risk cards/ accounts after data breaches and sends an alert to the cardholder’s bank to reduce card fraud. The tool achieves this by prioritizing risk from a number of factors, including network insights, predictive capabilities, and internal/external data sources. From this risk evaluation the bank then has a better idea of what action to take- whether it is proactive or reactive. This EDS tool is quick and easy to implement, the costs involved in setup are inferior to the protection customers can expect from the technology. If the EDS tool existed when I was growing up, my dad wouldn’t have had to cut up so many credit cards. Nonetheless I will be inquiring my bank and credit card company about EDS asap! Maura O'Brien Throughout the work day, we go about our job without suspecting our greatest threat could be lurking at the desk right next to us. Whether incidental or purposeful, company employees pose as one of the largest threats to a company's integrity and security, and they are often overlooked. Marc Van Zadelhoff’s article “The Biggest Cyber Security Threats are Inside Your Company” outlines the key players for internal security breaches, and how to avoid them. Zadelhoff pinpoints three types of internal hackers: 1.Employee Error 2.Malicious Employees 3.Hijacked Employee Identity What do all of these threats have in common? Not that they are frightening or evasive, but that they are a reality. People make mistakes- your most trusted IT admin might enter in a rogue data entry and crash the company's entire backend database. Some employees, however, might go so far as to purposefully bring down a system to steal company data and sell it for their own profit. Then, of course there’s the traditional “external hacker” attacking under the alias of one of your own employees, right under your nose. This isn’t to say that you can’t trust your hard working employees, but it all comes down to one simple pillar- education. As the old saying goes “if you can’t beat them join them”. Large and small companies alike need to get into the mindset that they are vulnerable to understand their most common attacker- their own employee! Information security budgets need to be expanded to allow this to happen, and everyone from the new intern to the CEO should be informed and engaged in protecting themselves for the good of the company. From an IT department standpoint, Zadelhoff simplifies their security role into a few simple ideas: identify your assets, use analytics to understand your employee activity, target the users who control the most important assets, and go back to the basics to perform simple security measures (i.e. frequent patches or strengthened passwords). These 4 measures can make all the difference. By combining awareness, analysis, and action employees can decrease their chances of making mistakes, and have a response plan should mistakes or intentional breaches occur. A company’s likelihood to survive in today's technology era relies on best security practices, and by looking internally, a company can build a secure core to then defend from external threats. |
ArchivesCategories |