As we approach the start of 2015, experts and players in the M2M/IoT (Internet of Things) industry are turning their attention to the year ahead. Which trends will continue to drive the market? Which new trends will begin shifting the market’s direction and shaking up the status quo? In M2M/IoT, security is one piece of the puzzle that will remain a constant presence in 2015 and beyond. Sadly, not enough companies are taking security seriously enough.
What’s more, for most companies the amount of security threats and breaches seem to be relentless and increasing at breakneck pace. In most cases companies are struggling to figure out how to keep up, let alone trying to manage all of these threats that are attempting to penetrate a company’s perimeter.
One the other hand, while the nature of these security threats get more and more complicated—even impossible—to predict and prevent, Ed Amoroso, senior vice president and chief security officer at AT&T, www.att.com, believes there are some aspects of security in M2M/IoT that can be anticipated. More specifically, Amoroso’s remarks reinforce Connected World’s educational efforts to raise more awareness that in 2015, security breaches will likely shift from theft to critical infrastructure “destruction.” Cybercriminals no longer want to create havoc they want to create harm and cripple economies.
Amoroso adds unlike security breach incidents in 2014 aimed at prominent retailers that resulted in stolen customer data, in the coming year, cybercriminals will start focusing on ruining a company’s infrastructure. Unfortunately, this means the greatest threat is no longer just about losing data, but crippling a company or organization as fast as these cybercriminals can.
“Large-scale vulnerabilities such as Heartbleed, Shellshock, POODLE, etc., are distracting organizations and security teams from the really scary threats—the unknown unknowns—particularly APT (advanced persistent threat) attacks that don’t just steal data, but destroy it, bringing down business operations,” Amoroso says. “No longer will the greatest threat be someone else having access to your data, but the inability for you to function.” APTs work in waves or phases to break into a network and work under the radar to create damage and/or capture sensitive data throughout an extended period of time.
What can be done? Amoroso suggests companies will increasingly take a page from the bad guys’ playbook by adopting defense strategies that leverage the decentralized, resilient architecture of botnets. “Given how impossible botnets are to bring down, why would we not take note and structure defenses similarly?” Amoroso asks. In fact, he says, in a way, malicious botnets have already provided the industry with a proof of concept.
He also predicts companies will realize, hopefully in time, that they must reduce their dependence on physical infrastructure in order to protect themselves against destructive attacks. Like in 2014, when many companies were not prepared for security breaches that hit them, in 2015, more companies will likely become victims if they do not take steps now to prepare for the evolving threats facing the space in the next 12 months.
In an effort to work with industry, military, academia, and government, Connected World magazine will create a special cyber summit in 2015. The Connected World Conference in partnership with University of Alabama at Birmingham’s Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to create a call-to-action and develop a take-away security strategy to protect our connections to the nation’s most critical infrastructures. The event will be held in Birmingham, Ala., Feb. 23-24, 2015.
Want to tweet about this article? Use hashtags #M2M, #IoT, #ATT, #security, #2015, #trends, #predictions, #data, #breach