Security Experts: IoT Will Be Biggest Threat Of The Next Decade
The Internet of Things will be at the center of enterprise security and infrastructure readiness for the next several years, a panel of security experts said at Intel Security's Focus 16 in Las Vegas.
"It's going to be the story of the next decade. We're probably just in the first inning when it comes to connected devices," Optiv CFO Dave Roshak said on the panel.
While consumer use of connected devices is growing, Roshak said he sees IoT starting to gain traction in enterprises. He said Optiv, for example, is already helping enterprises use IoT to become nimbler in their business processes. That's a huge opportunity for solution providers who can have those security conversations around IoT, he said.
"I think it's a unique opportunity from a security standpoint to be baked in from the beginning of that process, as opposed to being brought in as an afterthought," Roshak said.
And, from where companies stand today, they are wholly unable to handle these emerging threats, Tony Gigliotti, president of Autonomic Software, said.
"I just look at [the Internet of Things] and I say to myself, if we're not careful, this thing could get messier than a food fight in an Italian restaurant … I just don't know how we are going to handle it from where we stand today," Gigliotti said.
One example of where IoT can have devastating effects, if not implemented properly, is in the national power grid, Ted Koppel, renowned journalist and author of Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, said in a keynote presentation following the panel.
As computer systems and IoT devices are used to optimize the power grid and keep an appropriate balance of power in the systems, Koppel said there is a huge risk of a catastrophic outage from hackers and nation-state attacks. He said evidence has already shown hackers from Russia, China and more poking around in those environments, readying for an attack if necessary.
"It isn’t a question of 'if,' it's a question of 'when,'" Koppel said. He said the government and companies need to start preparing now to minimize the impact of an attack, as well as take measures to prepare in the event of an attack, including lining up food, resources and a plan of action.
The attacker ecosystem is also evolving, Art Wong, senior vice president of enterprise security services at HPE, said. Wong said attackers are getting much more sophisticated and building an ecosystem and innovating around the entire lifecycle of an attack. That means more companies than ever are vulnerable to attack, no matter their size or vertical, Wong said.
"When you look at some of the assets being stolen today involving intellectual property and commercial and enterprise data, it's really every single vertical and every single industry that’s vulnerable to this kind of attack," Wong said.
Wong said companies are challenged to fight back as they deal with a complex vendor landscape and a talent shortage in security. For that reason, he said many are looking to partners to help them integrate solutions, manage complex systems and overall implement the people, process and technology to reduce security risk.
However, with all the talk about risk around the Internet of Things, Autonomic Software's Gigliotti said it is also important to think of the benefits.
"The Internet of Things is its fraught with problems, but the risk is worth it," Gigliotti said.