Cloudflare launches fastest and most secure 22.214.171.124 DNS service. Here’s what that means for Internet users.
[ Continue reading this over at RedmondPie.com ]
[ Continue reading this over at RedmondPie.com ]
Security has been an afterthought for many IoT applications, but the Internet of Things cannot simply be left to become the “Internet of Threats”, warns IBM.
Industry and utilities companies, in particular, need to develop new strategies to mitigate and manage cyber risks, says the enterprise services giant.
IBM’s Institute for Business Value (IBV) has produced a new report, Internet of Threats: Securing the Internet of Things for Industrial and Utility Companies.
The document says that there is limited awareness of the need for IoT security. “An incomplete understanding of the risks posed by IoT deployments, coupled with a lack of a formal IoT security programme, contributes to the gap between IoT adoption and the capabilities in place to secure it,” it says.
IT-centric security frameworks and organisational structures are often not adequate to address the reliability and predictability needs of always-on IoT equipment.
While the Industrial Internet of Things (IIoT) represents a market that could add $ 14 trillion to the global economy by 2030, underlying concerns about the security and vulnerability of sensors and other devices “are justified”, says the company.
A separate IBM/IBV benchmarking study of 700 industrial/utilities IT and operational technology (OT) leaders found that devices and sensors, followed by IoT platforms, are the most vulnerable parts of connected deployments.
By 2020, 30 billion devices will be online, generating 600 zettabytes per year, says IBM. By 2035, more than 75 billion IoT devices will be connected.
Deploying IoT technologies at a faster pace than they are being secured can “open organisations to dangers greater than negative public sentiment”, warns IBM. “For industrial manufacturing, chemical, oil and gas, and utilities, security breaches can lead to large-spread contamination, environmental disasters, and even personal harm.”
Operational IT has become a growing target, accounting for 30 percent of all cyberattacks, continues the report.
In the Middle East, for example, 50 percent of cyberattacks are directed against the oil and gas industry, creating major impacts to safety, productivity, and efficiency.
Despite this, most industrial and utilities organisations are still in the early stages of adopting best practices and protective technologies to mitigate IoT security risks, says IBM. “Only a small percentage have fully implemented operational, technical and cognitive practices, or IoT-specific security technologies,” adds the report.
As a result, the IoT security capabilities of most organisations “are in their infancy”, with cybersecurity risks “still being evaluated and risk assessments performed on an ad hoc basis”.
Part of this is down to an ongoing shortage of cybersecurity skills, and the slow emergence of IoT security standards. But what can organisations actually do about the expanding threat landscape?
First, organisations must recognise that IoT security doesn’t exist in a vacuum, says the report. “Procedures must be followed, practices and technologies adopted, and measures taken to meet key performance indicators (KPIs).”
Next, organisations should implement practices that follow an operational excellence model of people, process, and technology to build IoT security capabilities.
“Increase employee visibility into IoT security operations, IT, and OT. Makers of next-generation connected devices and services may consider purchasing insurance against software malfunctions and any damage hackers might cause,” suggests the report.
“Know when and how to be proactive,” it continues. “To prepare an effective response to cyberattacks, carry out breach simulations, regular field and plant situational awareness, and engage in security operation centre monitoring.”
The separate IBV benchmarking study gauged the use of a number of technology solutions for delivering IoT security. These included:-
• Encryption to protect against attacks that could compromise sensitive information and lead to the destruction of property and equipment, or create personal safety issues.
• Network security and device authentication, to secure deployments between IoT devices, edge equipment, and back-end systems and applications.
• Security analytics, to identify potential IoT attacks and intrusions that may have bypassed traditional security controls.
• Identity and access management, which can help enterprises and service providers manage and secure relationships between identities and IoT devices.
These are all excellent approaches, says IBM, but the overwhelming need is to look at IoT security as a strategic business issue, and not as a technology problem demanding point solutions.
So far, 2018 has seen a number of key trends dominating IoT announcements. Among these have been: the rise of driverless vehicles and drones; the coming of 5G; and the use of connected technologies in healthcare and retail. However, the strongest and most consistent message has been a warning about lax IoT security, both from a provider and user perspective.
IBM has a long track record in sounding the alarm about these issues, having carried out some of the earliest security tests on devices such as connected cars, lightbulbs, and enterprise HVAC systems, all of which it found to have serious flaws – such as the brakes of a smart car that white-hat researchers were able to disable with a hacked MP3 file some years ago. It seems that little has changed since then.
As one of the biggest names in enterprise technology – which itself has refocused on cognitive services and connected systems – let’s hope that more organisations pay attention to both its warnings and its practical advice.
You can download IBM’s full report from Internet of Business here.
The post IBM: “Industry, utilities, deploying IoT faster than it can be secured” appeared first on Internet of Business.
There are several companies that offer encrypted and untraceable phones for use by the more private figures among us, and Canada-based Phantom Secure is one of them. However, its founder and CEO, Vincent Ramos, has been arrested by the FBI on several charges, all of which are related to selling locked-down BlackBerry phones to members of illegal organizations such as the Sinaloa drug cartel and the Hells Angels.
Phantom Secure takes what appear to be BlackBerry 9720s and removes the microphones, camera, GPS, Internet capabilities, and normal messenger services.
FBI busts Phantom Secure CEO for selling secured BlackBerry phones to drug cartels was written by the awesome team at Android Police.
The macOS High Sierra 10.13.2 App Store settings can be unlocked with any password entered by an administrator account — but Apple appears to have already implemented a fix in the beta releases currently in testing.
AppleInsider – Frontpage News
As expected, Samsung registered a record operating profit of 14.07 trillion won ($ 12.6 billion US) in Q2 2017. Interestingly, the breakdown reveals that while its mobile division's (including Galaxy S8 / S8+) sales were up over the same period last y…
Engadget RSS Feed
A few weeks ago I wrote about the challenges facing the healthcare industry ahead of a new report out from a group that was created to figure out what challenges the growth of internet connected devices will have on healthcare. The report, written by the Health Care Industry Cybersecurity (HCIC) Task Force, is sobering reading. The report deals with all aspects of healthcare delivery, from the companies like GE and Philips that manufacture equipment that isn’t supported with security updates to the FDA which oversees the regulation of medical devices.
No one comes out looking good. Hospitals added connected devices without thinking through the consequences and now have little understanding of what they own and what might be vulnerable. Nor do they have the budget or expertise to fix it. Government funding formulas helped incentivize hospitals to buy connected products without thinking through the security of those devices and equipment makers put devices on the market with no thought to security and now refuse to keep them updated. Stuck in the middle are a few hospital CISOs and patients who are seeing their data hacked and appointments canceled as hackers target the medical wards for financial rewards. The worst news is that this problem meets up with a buying cycle that means insecure equipment will still be in the hospitals 15 years from now.