This blog post is part of a series of articles related to STANLEY Security’s 2020 Industry Trends Report. To download the full report, click here.
Cybersecurity will remain a top priority for organizations in 2020, as the number of devices added to enterprise networks continues to increase, which, in turn, expands the complexity of managing those networks.
Additionally, cyber threats continue to become more prevalent, impacting organizations across the globe. In a 2019 survey conducted by Cisco, more than half (56%) of respondents reported “experiencing a significant security event (breach, intrusion, malware infection, etc.) in the past year.”
Organizations in nearly every vertical have been targets for email spoofing and phishing attacks designed to harvest credentials and/or introduce malware into their systems. One such malware was the Eternal Blue exploit.
Beginning in 2017, it was used in ransomware attacks, such as WannaCry, that exploited vulnerabilities in a common protocol in order to encrypt files, leaving organizations without access to critical business services unless the organizations paid a ransom or could restore their data through unencrypted backups.
Where Physical Security and Cybersecurity Intersect
While many of these cyber attacks are attributable to attackers targeting traditional endpoints, there’s now also a rise in the number of attacks targeting Internet of Things (IoT) and other IP-connected devices.
These IoT devices – projected to reach 18 billion in number by 2022 – come in all shapes and sizes, from devices used in building/facilities management technologies (HVAC, lighting, physical security systems) to IP-connected devices used in healthcare and manufacturing.
While these devices can drive efficiencies throughout an organization, they also increase an organization’s technology footprint and potentially their exposure to a cyber attack. In fact, some of the features that enable these devices to increase efficiencies and bolster productivity are the same features that make them vulnerable to attacks.
IoT and other IP-connected devices are designed to communicate with each other using internet protocols that allow them to be connected and managed remotely. As such, these devices are connected to the larger corporate network, making them a liability if not managed and maintained properly.
Protecting Your Business Security System from Cybersecurity Threats
Managing edge devices isn’t anything new in the information technology (IT) world, but what is different with IoT devices is the sheer number – and variety – of them available on the market. Add to that the tendency for organizations to rush to implement these devices without proper standards in place beforehand, and now you have a complex, connected system that may open the door to cyber attacks.
In 2020, in order to mitigate risks, such as malware attacks or vulnerabilities in IoT devices, organizations should work on improving their cybersecurity by focusing on a few key areas:
- Investing in better tools to more effectively monitor the IT and OT network
Modern cybersecurity tools are capable of using artificial intelligence and deep learning along with behavioral analytics to automatically detect anomalies in network traffic and alert or act on suspicious behavior. Some network devices can leverage threat intelligence to offer advanced malware, ransomware and DNS-based protection.
When these tools are implemented, they go through a period of learning and then establish a baseline of normal traffic patterns and behaviors throughout the network. Instead of an analyst or algorithm going through raw data after an incident to find these anomalies, this monitoring happens in real time and can trigger an alert almost instantaneously when a device on the network is not behaving as it normally would. Beyond that, these devices can also block/suspend traffic or quarantine an endpoint, based on the data they collect.
Some examples of this would be an endpoint or IoT device that typically only communicates with one device but suddenly begins broadcasting and establishing connections with multiple devices, or an endpoint that starts doing file transfers out of the blue. This behavior would be out of the ordinary and considered suspicious. Alerting to and acting on this behavior right away saves precious time – time that is critical in a situation in which a breach is potentially occurring, or files are being encrypted.
By using newer, smarter tools that detect such suspicious behavior, organizations can be more proactive in monitoring their networks and have a better understanding of the whole environment as well as the relationship between IT and operational technology (OT) endpoints.
- Implementing better processes and procedures for managing IoT devices
IT has long had tools and processes in place to deploy and manage IT endpoints, such as PCs, smartphones and wireless access points, but with the influx of IoT devices and other operational technology being added to the environment, organizations need to be looking for ways to deploy and manage those devices as well.
Practicing good cyber hygiene is crucial in creating routines and developing best practices for updating and securing devices on the network. Devices such as IP cameras, access control panels/card readers and IP intercom systems – to name a few – need to be managed and monitored for performance and security vulnerabilities to ensure they’re secure and up to date.
The first step is to establish a baseline with an accurate inventory of all IoT devices on the network as well as the firmware versions and protocols used by these devices. Some tools can provide inventory and reporting on these physical security and operational technology devices, so that you have a single dashboard to view and manage them. Having the ability to run reports to see what physical security and IoT devices are on your network (and knowing what version of firmware they are on) is a great starting point to developing good cyber hygiene.
The next step is completing risk assessments of these devices and then working with solutions providers to implement purpose-built solutions to monitor and patch the devices. Solutions that can identify baseline firmware versions and report on compliance – as well as automate critical tasks such as firmware upgrades – are key to addressing cybersecurity vulnerabilities.
- Increasing budgets for professional services, cybersecurity staff and training/up-skilling current staff
The rapidly evolving IT landscape – combined with the increasing frequency of large-scale cyber attacks and data breaches – is pushing organizations to invest in dedicated cybersecurity staff or engage with providers that offer additional security services.
Training in detection and response as well as automation and orchestration have become necessary within IT departments to discover threats and reduce manual tasks prone to misconfigurations and errors.
Organizations are also developing security operations centers with capabilities to detect, analyze and respond to cybersecurity issues.
Lastly, organizations are looking to security partners for services, such as annual cybersecurity risk assessments, device configuration and management, security as a service, threat hunting/threat intelligence and more.
These services have grown over the past several years and are offered by many integrators and security providers to bridge the gap for organizations that are struggling to find the right mix of skills needed to address constantly evolving cyber threats.
The last several years have served as a wake-up call for organizations and IT departments, which have put cybersecurity at the top of their priority lists.
In 2020 and beyond, organizations should focus on using smarter tools, implementing better processes and filling the skills gap through increased training and/or strategic partnerships with service providers. There’s no one-size-fits-all solution to cybersecurity, but by focusing on these areas, organizations can better position themselves to identify and eliminate cyber risks.