FEATURE: INTERNET OF THINGS
appointments and eventually cost the UK
government nearly £100 million.

Still, even lessons as powerful as WannaCry
can be hard to learn. A 2018 report from the
UK Parliament revealed that the 200 medical
facilities checked in the wake of the attacks
failed their cybersecurity tests.

Introducing IoT-enabled devices into an
already lucratively insecure environment
merely increases the attack surface and
provides creative new ways to make money.
While the cybercriminal imagination in this
area is likely dreaming up all kinds of new
ways to exploit this, the same problems keep
rearing their heads.

Medical cybersecurity often privileges the
protection of patient privacy – a noble aim,
but one that cannot cover all the security
concerns of the technology now being used.
Privacy alone is no longer enough.

The risks to medical technology are
specific, but they are not unique. In
fact, they are representative of a larger
problem within cybersecurity which is less
a question of products or devices than it is
a question of mindset.

To use an admittedly tired analogy, the
castle walls can no longer hold. The traditional
security mindset is no longer keeping pace
with the reality of today’s threat landscape.

For many years now, the castle-and-moat
concept has been the reigning idea about
how to protect a network, embodied in
tools like perimeter security and macro
authentication. The castle walls will protect
the network and, with enough fortification,
any assault on the outside walls will be
rebuffed, hopefully.

Getting through the walls is not the primary
aim of a cybercriminal; getting at what’s
inside is. And they’ll do whatever they have
to, to get at it.

Cybercriminals have become extremely good
at making their way past perimeter defences
undetected. From there, because their victims
often rely so heavily on perimeter defences,
they often have free roam of the victim’s
network – they can start lateral movement
and edge ever closer to the critical systems
and data that they’re after.

Furthermore, it has become easier for them to
do so. The changing nature of the perimeter
has meant that we can no longer draw a ring
around the data centre and be satisfied with
protecting that. The cold hard facts of BYOD,
cloud computing and other innovations that
take data out of the castle have provided
access vulnerabilities which make it far easier
to penetrate a network, especially when
organisations have not done the necessary
homework to police that access.

So, if for example a misconfigured
database or an unpatchable sensor gets

INTELLIGENTCIO
www.intelligentcio.com