Securing our connected future

Paul McEvatt
By , - Information Security

We live in a society where connectivity is everything and our expectations of technology are constantly increasing and changing.

It’s estimated that there will be 20 billion connected devices by 2020. The data gathered in this Internet of Things (IoT) era is helping businesses stay relevant, understand their customers more fluently and improve the services they offer them.

However, greater connectivity introduces new issues to be concerned about such as cyber security controls and vulnerabilities that had not been considered before; something everyone from CEO to consumers are increasingly aware of and concerned about.

New IoT vulnerabilities are surfacing every day, and with IoT search engines such as Shodan, cyber-criminals are finding it easier than ever to find devices with these vulnerabilities.

In tandem with this, machine learning and analytics have become more readily available and whilst cyber-criminals can also use these techniques for their own benefit, they provide a great way for manufacturers and security professionals to combat this issue.

While IoT devices generate lots of data, it’s through machine learning that we’re able to analyse it and help detect and improve weaknesses in the network or spot abnormal activity when it occurs.

In short, the battle to secure a truly connected work is already revolving around IoT.

Hybrid working – a problem shared is a problem solved

Humans have a huge role to play when it comes to securing a business.

Whilst the current methods used for this, such as active threat hunting, can be time-consuming and involve an analyst trying to identify a problem that may not even be there, coupling this with AI and machine learning solutions is vital for organisations to stay on the front foot.

This hybrid approach, also referred to as ‘attended machine learning’ is one of the best options businesses can adopt.

A number of different security technologies, from anti-virus, intrusion detection systems and firewalls, will be used to protect a network, however, despite the constant advancements in technology to ensure these systems are working optimally, utilising human experts means the burden of monitoring and defending against cyber-attacks is shared.

This allows the two forces to work together seamlessly, providing better results and analytics.

Cyber-security will always require a human mind and a critical eye. Human input in collaboration with machine learning utilises both parties’ key attributes. This approach can enhance accuracy and, more importantly, reduce incident response times to ensure any risks are acknowledged and dealt with in a more timely fashion.

With additional devices come more vulnerabilities

A well-known issue with cyber security is the difficulty with gauging whether a possible threat is actually malicious or not.

Machine learning and AI can improve this, by learning everything about how a company’s network operates normally, or how an endpoint should behave. It can then generate an alarm when something out of the ordinary happens.

These notifications will alert companies of potential malicious activity, and become more advanced as the activity changes – essentially ‘learning’ the traits of the attack.

Its benefits don’t just stop there; as global cloud security platforms centralise this threat intelligence, others with the same technology will be updated and receive an enhancement of their security defences.

Fail to plan

To truly benefit from machine learning and AI tools, IT teams should also be constantly learning in order to stay up to date.

Regular training will ensure there’s an understanding of the risks associated with the business and customer data. Additionally, knowledge and understanding of new regulations, such as the upcoming EU GDPR, will allow companies to get security right before it’s too late.

With more responsibility being put on businesses when it comes to security, regulations need to be understood. Following frameworks such as the Online Trust Alliance (OTA) is vital to ensure safe practice with connected devices is being adhered to.

There must be a minimum security standard and framework that should be followed. Until there is a focus on security around IoT devices, the situation is unlikely to improve.

The future

Cyber security can no longer be the afterthought as IoT technology continues to advance.

To enjoy and benefit from the advancement of IoT, businesses and consumers must take the necessary steps to ensure data is being properly protected.

We will continue to see advancements in the technology and security of machine learning and AI. However, human input should not be overlooked and seen as the weakest link to the IoT devices being brought in.

The best optimal solution for fully-rounded security controls is the hybrid approach with machine learning in operation with humans maintaining, monitoring and defending networks.

Leave a Reply

Your email address will not be published. Required fields are marked *