Ramped-Up Investments In IoT Security Mean Solution Providers Better Be Ready
As Internet of Things security threats continue to rise, solution providers and vendors say they are starting to see the tide turn when it comes to real investments in IoT security technologies.
The comments come as the Black Hat 2017 conference in Las Vegas highlighted some of the latest threats against IoT devices, including attacks on smart locks, critical infrastructure, cars, smart buildings, industrial robots, radiation monitoring devices and more.
They also come after multiple high-profile IoT attacks in recent months, most notably with the Mirai botnet DDoS attacks launched through IoT devices including webcams, routers and video recorders.
Kelly Bissell, global managing director for Accenture Security, said he is seeing a lot of interest in IoT, especially after the recent attacks.
"If you look at any big company in that space, they are worried about IoT," Bissell said. That interest will only accelerate as attacks escalate from seeking financial gain to physical harm, property destruction and data manipulation, he said.
It is up to companies like Accenture to help businesses understand the risks and, more importantly, to "think differently" about IoT when it comes to security -- including bringing operational technology and information technology teams together.
Maninder Singh, corporate vice president and global head of cybersecurity and GRC business at HCL Technologies, said he too is seeing growing awareness around the risks posed by IoT. Solution providers such as HCL are key to helping customers adopt those technologies securely with a holistic, integrated IoT system.
Fortinet Global Security Strategist for FortiGuard Labs Derek Manky said the company's security researchers also are seeing IoT threats escalate, starting with the Mirai botnet and escalating to the Hajime IoT worm that the company is starting to see.
"IoT is here," Manky said. "We're seeing more attacks with IoT."
The Black Hat conference itself has also ramped up its IoT security investments to protect conference attendees, naming Boston-based Pwnie Express as the conference's first IoT security provider. In the Black Hat network operations center, Pwnie Express is responsible for protecting connected systems, such as the badge registration system, as well as spotting rogue IoT devices, CEO Paul Paget said in an interview with CRN.
"We don’t know what we're going to see. We just know we're going to see things," Paget said of IoT threats at the conference. Last year, he said, the company saw rogue access points pop up at the conference for man-in-the-middle attacks and spoofed trusted networks.
Pwnie Express, which offers continuous identification, assessment and analysis of IoT devices on a network, has seen a "very strong" jump in business around IoT in the past few months, said Paget. The Mirai attacks last fall "flipped the switch" for businesses and served as a "watershed moment" for IoT security, he said.
Pwnie Express Vice President of Marketing Dmitri Vlachos said he is seeing that same trend among solution providers.
"We're definitely seeing that channel partners and managed service providers are realizing they need to be on the forefront here," Vlachos said. "If they don’t start offering the solution to the gap, then they're behind. … The awareness is definitely happening."
The initial growth is around manufacturing and health care, he said, but he expects other industries will start to pick up steam soon.
Accenture's Bissell said for companies to succeed in IoT, the CISO needs to take broader control of security, including both IT and OT networks.
"We have to be able to protect the full value chain of a company, not just the corporate network, which is where most of the security people sit," Bissell said. "What I'm doing is trying to push that ability of the CISO across the whole marketplace. … Because of Accenture's position we can help broaden that."
However, he said it is key that solution providers bring deep industry expertise to the table, as each vertical brings its own unique IoT challenges and concerns. For example, life sciences companies might be most concerned about data manipulation and manufacturing might be most concerned about factory impacts and safety.
"You can't just be a tech firm. You can't just be a fluffy consulting firm. You can't – you have to really understand what is going on to make an impact," Bissell said.