Combining three pillars of cybersecurity analytics will help IoT expand opportunities for all industries.
Saurabh Mishra | SAS
In January 2017, the U.S. Department of Homeland Security warned of a cybersecurity flaw that could allow hackers to remotely take control of a person’s heart defibrillator or pacemaker. The point of vulnerability is the transmitter that sends data from the implanted devices back to physicians.
In 2015, a similar vulnerability was found in infusion pumps: A hacker could potentially dump an entire vial of a drug into a patient at once. Attending nurses wouldn’t even know.
In theory, any internet-connected device can be hacked. This is a terrifying reality when you consider the scope of the Internet of Things (IoT).
IoT is the concept of everyday objects – from industrial machines to wearable devices – using built-in sensors to gather data and take action on that data across a network. But protecting all those IoT connections with ample security is frequently an afterthought.
Why we need IoT security
Consumer IoT devices get a lot of headlines, but behind the scenes, IoT is redefining the possibilities in commerce, industry, healthcare and government:
- Instead of having drivers rove around town to read water meters, cities are using smart meters that remotely deliver readings over the internet. One town that connected 66,000 smart water meters forecasts a net savings of about $10 million due to increased efficiency.
- Oil and gas companies can optimize production by using sensors to measure and act on oil extraction rates, temperatures, well pressure and other operational factors. One company estimates that new insights save about $145,000 per month per field.
- A manufacturer outfitted more than 100,000 trucks with sensors that transmit more than 10,000 data points per truck to proactively identify maintenance needs, reduce downtime and potentially enable new services such as differentiated service contracts.
- Progressive retailers use IoT to improve the customer experience in stores. For example, with Apple iBeacon™ technology and an app on the customer’s device, retailers can trigger location-based actions such as checking in on social media or pushing a customized offer.
The world of IoT is moving from speculation to implementation. By 2016, the total economic potential of IoT had already reached $120 billion and could reach $6.2 trillion by 2027. Gartner projects 6.4 billion internet-connected things worldwide in 2016 (up 30 percent from 2015), rising to 20.8 billion by 2020.
The dark side of massive connectivity
When everything is connected, everything is at risk. IoT devices make organizations vulnerable. And since many IoT devices weren’t built for security functions, they are relatively easy to breach.
Mirai has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, such as the October 2016 attack that blocked access to GitHub, Twitter, Reddit, Netflix, Airbnb and other high-profile websites.
Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT.
Fighting back with cybersecurity analytics
It’s time to fortify cybersecurity defenses to reflect the escalating risk. The biggest challenge is that most security organizations don’t have full visibility into their networks because networks are always changing.
Here’s where security analytics comes in. With a combination of data quality and data management capabilities, predictive analytics, machine learning and more, security analytics delivers the situational awareness that has been missing.
With security analytics, you can search for unknown entities on your network and discover unauthorized communications with unauthorized entities.
Here are three pillars of analytics-driven IoT security:
A strong cybersecurity platform captures all network traffic at the source and appends business and security context – in real time or very nearly so. By adding in user authentication data, web proxy data and security product alerts, the result is a smarter baseline for an integrated analytics engine – and more accurate results.
With advances such as distributed, in-memory computing and event stream processing, the platform can keep pace with an expanding network and new data sources.
Far beyond rules and signatures, this platform should include a combination of anomaly detection, predictive analytics and dynamic, adaptive data analysis to spot suspicious activity based on an entity’s own behavior and peer behaviors.
To choose the best response, you have to know if the behavior is localized or pervasive. You can do this by using a visual control center to automatically generate and display an entity risk score.
With a prioritized list of suspicious entities, you can focus on understanding why the behavior is occurring. Examining the underlying risk indicators helps you formulate hypotheses quickly for further investigation and testing.
Based on the information you now have, you can take immediate action. You may quarantine or remove the entity from the network temporarily during the investigation to mitigate your potential risk.
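The scoring idea described above (deviation from an entity's own baseline and from its peers, rolled into a prioritized risk score with a localized-versus-pervasive label) can be sketched as follows. This is an added example, not SAS code; the metric (distinct destination hosts per day), the sample data, the threshold, the floor and the score weighting are all assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: distinct destination hosts contacted per day.
# "history" is the device's own previous week, "today" is the value to score.
DEVICES = {
    "meter-01": {"group": "meter", "history": [2, 2, 3, 2, 2, 3, 2], "today": 2},
    "meter-02": {"group": "meter", "history": [2, 3, 2, 2, 3, 2, 2], "today": 3},
    "meter-03": {"group": "meter", "history": [2, 2, 2, 3, 2, 2, 3], "today": 40},
    "meter-04": {"group": "meter", "history": [3, 2, 2, 2, 3, 2, 2], "today": 2},
    "cam-01": {"group": "camera", "history": [5, 5, 6, 5, 5, 6, 5], "today": 12},
    "cam-02": {"group": "camera", "history": [5, 6, 5, 5, 6, 5, 5], "today": 13},
    "cam-03": {"group": "camera", "history": [6, 5, 5, 5, 5, 6, 5], "today": 12},
}
THRESHOLD = 3.0  # assumed cut-off, in standard deviations


def deviation(value, sample, floor=0.5):
    """Upward deviation of value from sample, in standard deviations.
    The floor keeps a perfectly flat baseline from dividing by zero."""
    return max(0.0, (value - mean(sample)) / max(pstdev(sample), floor))


def score_entities(devices):
    """Return entities sorted by risk score, with the indicators behind it."""
    results = []
    for name, dev in devices.items():
        peers = [d["today"] for n, d in devices.items()
                 if d["group"] == dev["group"] and n != name]
        own = deviation(dev["today"], dev["history"])   # vs. its own past
        peer = deviation(dev["today"], peers)           # vs. similar devices
        if own < THRESHOLD:
            scope = "normal"
        elif peer >= THRESHOLD:
            scope = "localized"   # only this entity changed
        else:
            scope = "pervasive"   # the whole peer group changed together
        score = min(100, round(5 * (own + peer)))
        results.append({"entity": name, "score": score, "scope": scope,
                        "own_dev": round(own, 1), "peer_dev": round(peer, 1)})
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in score_entities(DEVICES):
        print(row)
```

In this constructed data the meter that suddenly contacts 40 hosts ranks first as a localized anomaly, while the cameras that all shifted together are flagged as pervasive, which points to a fleet-wide change rather than a single compromised device.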
An evolution in cybersecurity
Many organizations have relied on ad hoc and reactive approaches to cybersecurity analytics. Some dump network traffic into a data lake for future correlation with other data sources.
When the data is queried, users must know the “right” questions to ask to understand what’s happening in the network.
It’s time to climb the maturity scale. It’s time to adopt a more sophisticated, scalable cybersecurity analytics platform that automatically provides deep network visibility and insight. And it’s time to stop the hackers who want to create havoc in the IoT.
This article first appeared on SAS Insights and was published with permission.