Mobile is changing the face of cybersecurity

February 15, 2016

We live in interesting times. Or, as a cybersecurity professional might put it, we live among proliferating attack surfaces.

Three of the research firm Gartner’s top 10 strategic technology trends for 2016 were the device mesh, autonomous agents and machines, and Internet of Things platforms (Gartner, 2015). These emerging trends have a common thread. All involve mobile platforms, networks and software that drive specific applications. 

The term “device mesh” refers to the proliferation of Internet-connected devices and the data they collect and report to various databases. Included are mobile devices like smartphones and wearables like the Fitbit watch (Fitbit, 2016). These devices display an increasing ability to connect to each other (without human intervention) as well as to backend databases. Autonomous agents or machines bring to mind robots and artificial intelligence (AI). 

Gartner goes on to report that digital assistants such as Google Now, Microsoft's Cortana and Apple's Siri are increasing in capability and popularity. Indeed, according to analysts, some users are losing the ability to distinguish actual humans from these popular talking AI applications. I hope that’s not true.

Last, Internet of Things (IoT) platforms include management, security, integration and other technologies and standards – all areas that IT is traditionally responsible for. The IoT, however, vastly expands the scope of the challenge for security professionals. It’s one thing to secure a network, another to protect a rapidly expanding web of Internet-connected devices.

To meet the challenge, professionals in the field apply the three pillars of cybersecurity: confidentiality, integrity, and availability. A major issue is protecting millions of legacy devices currently in use, which do not have the capability to implement the latest countermeasures (multi-factor authentication, encryption, VPN to name a few). The threat to these Internet-connected devices is very real and continues to evolve quickly as public reliance on these devices increases. 

On September 10, 2015, the Federal Bureau of Investigation (FBI) issued Internet Crime Complaint Center (IC3) Alert # I-91015-PSA, which alerted the public to the emerging threat to the IoT presented by cyber criminals (FBI, 2015). FBI Alert #I-91015-PSA not only defined IoT devices but also discussed the risks posed to these devices by cyber criminals and reported on several notable incidents.

In one case, cyber criminals exploited gaps in a closed circuit TV system, rendering this countermeasure useless to security officers. Second, Criminals can also exploit unsecured wireless connections for automated devices, such as security systems, garage doors, thermostats, and lighting. 

Spammers have been known commandeer home-networking routers, connected multi-media centers, televisions, and appliances. Lastly, cyber criminals can exploit security weaknesses in monitoring systems embedded in our control networks in power generating and distribution systems (FBI, 2015).

The challenges listed here are many, but the rewards presented by these emerging technologies are too important to forego the use of these technologies due to perceived and real threats. The risks to our personal information, in storage or transmitted, must be addressed by a formal risk management program adopted by the custodians of our data. 

References

Federal Bureau of Investigation (FBI) (2015). Internet Cyber Crime Center (IC3), Alert Number I-091015-PSA (September 10, 2015).  Retrieved from http://www.ic3.gov/media/2015/150910.aspx

Fitbit (2016). Fitbit. Retrieved from: https://www.fitbit.com/flex

Gartner (2015). Gartner Identifies the Top 10 Strategic Technology Trends for 2016. Retrieved from: http://www.gartner.com/newsroom/id/3143521

By William Butler, chair, cybersecurity program