With the developing worries of the CoVID-19, the digital world has outperformed the human expectations of moving towards digitization and WFH culture. Undoubtedly, the Internet of Things aka IoT has also been expanding with numerous devices connected aiding people to stay connected and get benefited with the use of the IoT technology. In 2020, COVID-19 left few stones unturned with its overturning sway on wellbeing, society, the economy and innovation itself. Internet of Things (IoT) security was no special case. The novel coronavirus, which causes COVID-19 illness, brought new security issues to the front, and these issues remain to ricochet through 2021 and past. As numerous activities got remote, advanced and more associated (think digital health, videoconferencing and facility remote monitoring), cyber threats likewise got common. A large number of these IoT security threats just expanded the surface territory for attacks and moved focuses from centralized areas (the workplace) to the edge of the network.
One of the key take away points is remote working as individuals from a gamete of organizations world wide have been required to work from home. IoT world today quoted “During 2020, users’ home networks and devices became more significant attack vectors as workers were forced to stay home. IDC predicts that by 2022 more than 40% of enterprises’ cloud deployments will include edge computing.” Also, with proliferation comes expanded vulnerabilities. As per the new Cisco review-based report “Getting What’s Now and What’s Next,” the greater part of respondents (52%) said that cell phones are currently “very” or “extremely” challenging to safeguard Mobile devices extend the network’s defensible perimeter beyond traditional data center assets or even cloud assets to the edge of the network.” The attack surface has extended fundamentally with IoT, cloud, 5G – [malicious attackers] will attempt to utilize the potential entry points that are least resistant,” said Sean Peasley, from Deloitte and Touche LLP. Different weaknesses arose as digital well-being turned out to be more pervasive with social separating prerequisites.
New governance policies have been tried and tested to improve the interconnectivity of IoT and broadly the cybersecurity arena as well. Until this point in time, the Internet of Things has experienced damages and absence of agreement on regular principles to which suppliers should follow. Subsequently, devices utilize a scope of protocols that aren’t interoperable and are frequently defenceless, because of absence of patching and regular updates. The IoT Cybersecurity Improvement Act, endorsed into law in December 2020, trains in on this normalization issue in the U.S. The enactment sets up least security prerequisites for device makers and utilization guidelines given by the National Institute of Standards and Technology (NIST), which will cover devices from development to production. The act likewise requires the Department of Homeland Security to audit and return to the enactment up to like clockwork and modify it as essential. [Reference]
Increasingly, the cybersecurity landscape has been defined by nation-state actors causing disruption through such breaches as NotPetya, WannaCry, Stuxnet and others. While some attacks seek to extract financial gain, many breaches by nation-state actors, Maxim said, seek to disrupt, disinform or otherwise throw a target off guard. The important critical infrastructures (CI) are being targeted big time and It will continue, and unfortunately, COVID may be the lever that [nation-state actors] use to spread disinformation about treatment, vaccines. Forbes has quoted that protecting critical Industrial Control Systems (ICS), Operational Technology (OT), and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. The explosion of connected devices comprising the Internet of Things and The Internet of Industrial Things is challenging.
Obviously, there are numerous other convincing patterns and threats to the cybersecurity ecosystem. More to cover in future articles. Some of the key patterns of the growing digital threat surface, remote work, IoT production network, ransomware as a digital weapon of decision and dangers to basic framework through ICS, OT/IT digital danger union have been the highlights here. The main errands dependent on dissecting patterns is to be have a moderation procedure, be careful, attempt to fill potential vulnerabilities, and learn from the lessons of the recent new cyber-breaches. It sounds cliché but in today’s digital world, it has always been the case that security can never be 100% but its about creating awareness amongst employees and conduct mandate trainings so that they can stay up-to-date with the rising number of cyber-attacks and prepare for an effective defence against the bad actors.
Article by Kaushik Sundararajan
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.