Security Pros Must Join Forces to Combat the Internet of Evil Things
Aug 26, 2015
By Dave Porcello
Vulnerable IoT devices and low-cost, plug-and-play cyber-espionage tools represent an emerging threat vector: the ‘internet of evil things’ (IoET). Dave Porcello argues infosec pros need to better understand this threat and collectively develop a standardized framework and taxonomy to enable IoET information exchange
The line between personal and business communications has blurred beyond recognition. Business computing is no longer the beige box that sits on your desk or the company-issued PDA. Instead, today’s IT infrastructure is an unmanaged mix of company-issued equipment, personal devices (BYOD) and off-network IoT or ‘smart devices’ outside the ownership and control of the enterprise.
While device vendors rush to capitalize on consumer IT and the ‘internet of everything’, important questions are being left unanswered. How can such a diverse assortment of devices and technologies be effectively policed to ensure the security of our personal and business networks? How can personal privacy be maintained in a world where everyday objects are constantly recording the user’s every move?
In a recent study, 83% of over 600 information security professionals indicated they were concerned about rogue and unauthorized devices operating within their organization without their knowledge. What’s worse, 69% revealed they are unable to even detect the wide array of computing devices currently in use across their enterprise.
Security professionals recognize this threat, but are still finding themselves unable to combat it effectively. With estimates predicting there will be up to 40 billion connected devices in operation by 2020, there is precious little time to develop effective defenses against this ever-expanding threat vector.