20 billion connected devices—that’s Gartner’s prediction for how many connected devices will be in use by 2020.
Now, rewind to October 21, 2016, and the (DDoS(distributed denial of service)) attack against DNS provider Dyn that impacted dozens of high profile networks—barring legitimate user access to websites such as Amazon and PayPal. While DDoS attacks are nothing new (they’ve been springing up since the ‘90s), the Dyn attack was unique in that it leveraged seemingly innocuous devices hooked up to networks, like baby monitors and printers, to coordinate the attack. This was one of the first prolific abuses of IoT (internet of things) devices.
As oil and gas and utilities bring their devices online in the industrial internet of things (IIoT)—they bear these cautionary tales in mind, ensuring enterprise level devices are much more secure than ones found in your home. However, risks for attacks still exist as hackers look for ingenious and clever pathways through complicated data systems—a truly scary thought.
Today, some of the most important security trends for major industrial businesses revolve around safeguarding data, while emerging tech is being utilized to help companies parse through data quickly to recognize threats across massive corporate networks. In addition, custom applications are also being leveraged to create more engaging first-line of defense programs to educate organizations about security concerns.
In this post, we’ll cover some of the top trends we’ve noticed in the past few months in greater depth:
Trend 1: Encryption of Data In Use is Becoming Practical
As IIoT devices and nodes generate vast amounts of sensitive data, with much of it destined to reside in the cloud, encryption of data in use is absolutely core for companies to protect their sensitive information.
Until recently, encryption of data in use hasn’t been possible at any kind of scale. But now that’s no longer the case thanks to advances in homomorphic encryption, which, according to Wikipedia, “is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.” In other words, it means you can keep data encrypted as you query, process and analyze it. Until recently, the homomorphic encryption process took much too long to be used commercially—but now the processing time has been reduced to a matter of seconds instead of minutes.
Here’s what companies need to be doing today:
Investigate homomorphic encryption implementations—but beware that this technology isn’t perfect. Vulnerabilities still exist and companies need to be aware that homomorphic encryption is not a full proof solution.
Trend 2: Proliferation of Immersive Virtual Reality Tools for Security Analysts
The corporate networks security analysts guard are inherently complex. So when something goes wrong—analysts can spend hours digging through digital logs to piece together what happened.
The current generation of user interfaces provides analysts with something akin to a spreadsheet—complicating matters during critical cyber security events. While some applications are already available to help analysts parse through their data by deliver only the data points they need, emerging tech—namely virtual reality (VR)—has the potential to change how analysts see data from the 35,000-foot perspective.
Today, various vendors are creating immersive virtual reality tools to help security analysts visualize their data layers. The result? Total visualization of data points during a security breach to more quickly and efficiently identify and neutralize threats.
Trend 3: Leveraging Mobile Apps to Keep Workforce Abreast of Cybersecurity Threats
Did you know one of the most expensive threats to companies comes from business email compromise (BEC) scams?
According to the FBI, the exposed monetary loss from BEC scams within a two-year period amounted to $3.1 billion—with a 1,300 percent increase since January of this year.
Those are huge numbers, so it’s important to arm your workforce with information and techniques to prevent these types of cybersecurity events from occurring. But how do you disseminate information from human resources or risk management teams, particularly in a large organization? Is it by email or internal content management system? Unfortunately, important emails often go unnoticed by employees—and internal CMS’s aren’t religiously trafficked.
To help ensure your information gets to your intended audience, companies need to try something more engaging. One solution—a custom mobile application for communicating important cybersecurity information to your workforce. Think of it like a newsfeed app—just for important internal communications like cybersecurity.
At ChaiOne, we’ve worked on similar projects for clients to help ensure more effective, engaging content dissemination. In most cases, we even have an offering where we can deliver a proof of concept in just 1 month. The result? Important educational cybersecurity tools get in the hands of more people within your organization—resulting in significant costs savings.
As our world becomes more connected and technologically advanced, enterprise businesses have a wide remit to better protect their networks and educate their workforce. Thankfully, there are resources on the market today to combat these security threats—especially as more and more businesses make the decision to shift to digital organizations.
Want more content from ChaiOne about the digital enterprise environment? Watch our webinar: Best Practices for SAP Mobile Strategy.