Tuesday, 21 February 2017 16:14

Three groups threaten IoT devices, says expert


Attacks on Internet of Things devices and infrastructures are likely to stem from three groups, with each having of cyber crime and motivated by its own goals, according to Simon Howe, director of sales for ANZ at LogRhythm, a leading security information and event management company.

“Companies are investing heavily in drones, planning to use them for anything from remote monitoring of assets to the delivery of products to end users, Howe told iTWire in an interview.

"Like driverless cars, smart grids, and smart homes that can be remotely controlled, IoT is an increasingly attractive target for criminals who could use them to create damage and disruption.”

Howe said the first groups which would attack IoT devices and infrastructure were organised crime groups that operate globally and have become highly skilled in cyber crime. They have attacked everything from Bank ATM networks and company IT systems to retail and government systems. The motivation was financial gain.

Logrhythm Howe

Howe said the second was state attacks — foreign governments — intent on gaining a political or economic advantage. "There have been instances of government-sponsored attacks that have targeted vital infrastructure in other countries and this is likely to increase as IoT infrastructures grow. The motivation is knowledge and therefore power."

And, he said the third was terrorist groups. These are an emerging threat, but were seeking ways to exploit vulnerabilities and cause disruption, panic and loss of life.

Howe said IoT represented a huge potential attack surface for cyber criminals, because of the vast number of connected devices and because many were developed with little attention paid to security.

"Many connected devices are small and basic that means they don't have a lot of extra processing capacity or network bandwidth resources. They simply cannot support sophisticated security software on the device as is the case with computers or mobile handsets. Add the fact that they are spread across large areas with little hope of physical management and things become even trickier," he said.

But he pointed out that while these factors may make the IoT security challenge seem impossible, one should realise that these devices were still just computers. They lacked the capabilities of PCs but still had an operating system, a user interface and a network connection.

"The devices also produce streams of data, which can be particularly useful when trying to improve their security. There is significant potential to extract this data, analyse it remotely, and use the results to detect anomalous activity," Howe said.

"The techniques used here can be like those used in other areas of IT security. These include log management, networking monitoring, forensics and endpoint monitoring, all of which are valid in an IoT world."

Howe said achieving effective IoT security meant connecting many security tools and streamlining and automating their function. This approach, dubbed Security Automation and Orchestration (SAO), ensures security can be scaled to cover hundreds of millions or even billions of connected devices.

"Rather than trying to install agents on every device, an SAO approach can allow traffic from each to be analysed automatically by tools. If there is any activity that deviates from an established baseline — let’s call it 'known good' — an alarm can be triggered that leads to further investigation by a human," he said.

"A standardised approach like this allows more efficient collaboration between teams and even different organisations. Details of threats identified in one area can be quickly shared with others to assist them with enhanced security."

Logrhythm SAO

Howe said that early detection and neutralisation of threats was critical to ensure security was maintained within IoT infrastructures. Organisations needed to ensure they could quickly respond to threats before damage or losses occurred.

"By taking a structured and thorough approach to security now, organisations can be confident their usage of IoT can deliver significant business benefits without causing any new potential areas for cyber criminals to target in the future," he said. 


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!



Recent Comments