Security in the Digital Transformation Age

With the rise of the Internet of Things adoption, technology is a sector that grows daily. In their most recent study, 451 Research find that IT-centric IoT projects still dominate the top IoT initiative, with data centre management, surveillance and security monitoring the current top IoT use cases deployed.

Data analytics, security and virtualisation capabilities are the most required skills in this stage in time. There is a lot of innovation when it comes to Artificial Intelligence and Machine Learning, which also brings many threats to information security. Big companies like Apple, Google, Amazon or IBM invest heavily to prevent any mass cyber-attacks from happening, while smaller companies don’t have the resources to secure their systems.

The reality is we are dependent of the Internet, our mobile devices, our smart gadgets and applications that are with us always. This dependency should be protected against identity theft, misuse of information, cyber-attacks and security breaches.

With the rise of new technologies and smart gadgets, many companies think less of securing their software. Since the beginning of the Digital Era, the cyber-attacks have become more frequent and sophisticated. 

In the same way innovators are looking to expand and revolutionise the tech industry, hackers are constantly finding new targets and refining the tools they use to breach systems. A few of the most recent incidents - like the ransomware attack against Britain’s National Health Service, and San Francisco’s light rail network and the cyber-attack on Equifax credit reporting agency in 2017 - prove that companies that hold important, sensitive information should have security experts in place to ensure that information is protected.

There were cases where a consumer’s laptop was hacked via a public Wifi network and used to mine cryptocurrency. Due to the lucrative nature of BitCoin and the ease by which some users’ machines can be secretly co-opted, this type of attack is far more common than many people would expect.

The continual growth of Artificial Intelligence (AI) technologies has encouraged hackers to explore and use AI tools as a faster return on investment. For instance, spear phishing occurs when hackers create targeted digital messages to trick people into installing malware or sharing sensitive data. One big target in 2018 will be the cloud computing businesses that are increasingly relied on to store large amounts of consumer data.
 

IoT Future Growth

It is predicted that in the next 10 years, most of the world’s data will be moved to the cloud. Nearly every gadget, household appliance and device will be connected to the Internet. This is expected to result in more complex data security attacks from device-based to cloud-based botnets.

With advanced AI technologies and Machine Learning, we expect that connected devices will be able to predict, talk, listen and more. The future holds great potential to transform businesses with new product offerings, amazing customer experiences and innovative business models.

According to the Harvard Business Review,  75% of organisations believe that their future success depends on collaboration between human and machine intelligence. Although AI and Machine Learning already dominate B2B Software, IT Services, will see rapid expansion in the Manufacturing, Government, Education, Finance and Healthcare sectors.


  
For example, Toyota Materials Handling is moving from its traditional processes to more efficient ways of distributing intelligent logic across its factory and robotic systems. Using AI, they can train pallet drones to recognise patterns, automate processes, and learn the flow in a manufacturing environment.
 

So, what can happen to those billion internet-connected things by 2020?

Marg Hung, Vice President at Gartner Research comments in one of the latest research papers that the biggest barrier to the IoT is that most enterprises have a lack of awareness in what to do with the technology. If they do have plans for the IoT, there is a concern over who will lead these initiatives. The same applies to the security of the IoT projects where businesses need to understand the broader view of the IoT so that they can start business conversations, develop their own thinking, refine approaches and choose the right partners to develop these initiatives. Low-code applications platforms such as KnowledgeKube take advantage of technology like Azure's cloud-based services to let users do their best work with peace of mind.

Microsoft have developed a solution called Azure Sphere, which aims to create highly-secured, Internet-connected microcontroller (MCU) devices. There are over 9 billion MCUs built and deployed every year in devices like toys, household’s appliances, industry equipment, etc. This class of devices is not prepared for the security challenges of internet connectivity and the lack of investment in making these devices safe could lead to more cyber-attacks. 

To prevent this, Microsoft have identified the need for a hardware root of trust to protect and defend the software on a device. Multiple layers of security will deter hackers, even if they breached one level of security. You can learn more about the security benefits of Microsoft Azure Sphere by reading this article.



 

Ways to prevent cyber-attacks:

  1. Staff education: teach staff not just about attacks against technology e.g. phishing e-mails, but also the important aspects around social engineering, the psychological manipulation of people into performing actions or divulging confidential information.
  2. Identity sensitivity: know where critical and sensitive data is located, and make sure you trust the systems you rely on. Identify the potential for social engineering techniques that could result in the disclosure of sensitive information.
  3. Have a security policy: define what is or isn't allowed both internally or with partner companies e.g. ISO 27001. It is important to understand that if you can't be compromised directly, an attacker will often look for a weak, trusted, third-party.
  4. Invest in modern firewall and intrusion detection technology: though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
  5. Protect the internal network: make sure that your servers and computers are protected by Anti-Virus software and are regularly patched. Most software vendors go to great efforts to mitigate potential security flaws!
  6. Protect your desktops: update your operating systems. Example, Windows 10 is packed with modern, virtualised, threat mitigation technologies.
  7. Data encryption: laptops and personal storage should be encrypted to protect sensitive data.
  8. Invest in the cloud: Office 365 and Microsoft Azure employ global scale, security intelligence networks, take advantage of them!
  9. Strength in-depth: Implement a layered, defense in-depth strategy across identity, data, hosts, the desktop and networks.
  10. Backup everything: this is probably the most important action to take.
  11. Test everything: especially your backups!