business
‘‘
TALKING
////////////////////////////////////////////////////////////////////
themselves with the two main security
apprehensions: protecting the data when
an attack does threaten the devices and
having a prevention programme in place to
find potential threats before they happen.
IoT can bring extraordinary capabilities and
improved efficiency, but organisations must
take steps to protect themselves.”
through automated solutions that can handle
massive scale in ways that manpower cannot.
As technology advances, it’s imperative that
enterprises do not jump on new technologies
as they will inevitably contain security
vulnerabilities that enterprises may not be
able to immediately upgrade equipment for.
Enterprises can often find themselves on a
back foot as these systems are often unable
to be patched effectively, leading to new
widespread threats from malicious actors and
security vulnerabilities.
Martin Thorpe, Enterprise Architect at
Venafi, contributed:
“IoT devices are rarely built with more than
basic connectivity in mind. As a result,
security takes a back seat and research has
found that nearly 70% of IoT devices are
known to be vulnerable to attack.
“Considering the number of machine identities
that businesses deal with every day, trying
Martin Thorpe, Enterprise Architect at Venafi
to address the problem manually is simply
not viable. Only machines can move at the
required speed and so firms need to automate
their machine identity protection. This means
having tools which can discover every identity
on the network, monitor them throughout
their lifecycle and immediately revoke and
replace them if there is a security threat.
Without automation it’s a matter of when, not
if, your IoT network falls victim to attack.”
Graeme Rowe, EMEA Marketing Director,
Pindrop, commented:
“As enterprises make voice-enabled devices
more commonplace, a major security risk is
developing for businesses. Recent research
conducted by Pindrop into what we term
the ‘Conversational Economy’, discovered
that within the next 12 months, 85% of
40
INTELLIGENTCIO
Graeme Rowe, EMEA Marketing
Director, Pindrop
companies will implement voice-enabled
devices; however, only 20% of IT Directors
understand how to protect the data acquired
through this technology. As fraudsters make
use of smart devices as a new attack vector
– using voice spoofing or voice manipulation
techniques to work their way past existing
security measures – enterprises must ensure
they have the multi-layered protection in
place to mitigate against attacks. A failure
to do so will result in significantly reduced
customer trust and hefty fines.
“The problem with existing voice biometric
authentication services is that they don’t have
the level of sophistication to detect fraudsters
and effectively authenticate customers.
This leaves enterprises and consumers alike
exposed to sophisticated hacking measures
like voice synthesis. Without a Machine
Learning-based biometric solution in place that
is robust enough to analyse, for example, voice
ageing, voice spoofing and background noise,
legitimate customers may find themselves
locked out of their accounts, while fraudsters
will be able to engineer their way inside.
Businesses must start preparing themselves for
the voice-led revolution that is to follow.”
“Historically, organisations addressed this issue
by creating an ‘air gap’, ensuring systems
weren’t connected to Internet systems in
any way. While this was effective previously,
today’s organisations need to keep pace
with more connected environments and take
advantage of IoT technologies throughout
their operations. However, layering new
IoT solutions on top of legacy systems or
removing the air gap and connecting modern
networks to the wider enterprise and third
parties opens up vulnerabilities and new
pathways for attacks, with threat actors
increasingly targeting employees in order to
obtain privileged credentials.
“To mitigate this threat, enterprises can
implement privileged identity and access
management tools. This enables them
to secure their privileged credentials,
implement granular access controls for both
third-party and internal users and provide
an auditable history of what was accessed
during any session. This not only secures
access to networks and IoT devices, but
also empowers IT teams to report quickly
and efficiently on any potential untoward
behaviour they find on the network." n
Karl Lankford, Lead Solutions Engineer,
Bomgar, elaborates:
“With IoT, enterprises must consider every
device that could ever feasibly reach their
assets. And every one of these new connected
devices and systems has an administrative
back door that represents a risk. In the past,
enterprises dealt with these administrative
controls through manual processes. The new
reality of IoT means the only way to properly
secure administrative access to all systems is
Karl Lankford, Lead Solutions
Engineer, EMEA, Bomgar
www.intelligentcio.com