As consumer demand for the Internet of Things (IoT) increases, more and more enterprises are joining in on the movement, transforming their outdated business models, improving operational efficiency and generating additional revenue streams. In fact, Gartner predicts there will be 25 billion Internet-connected things by 2020, and nearly $2 trillion of economic benefit globally. Enterprises that fail to innovate and leverage the potential of the IoT as part of the digital business transformation run the risk of losing customers to competitors and frankly, becoming less relevant.
The Insecurity of the IoT
Despite its economic potential, though, the IoT introduces serious enterprise security concerns. Every connected device serves as a potential entry point for malicious hackers, and as the IoT expands, so does its potential attack surface. In fact, the DDoS attacks that led to widespread Internet outages late last year serve as an example of just how vulnerable the IoT is and the large impact that these seemingly benign devices can have.
While this attack was mainly initiated on the back of consumer devices, it was a landmark event in proving that security concerns surrounding the IoT are well-founded. If enterprises aren’t yet paying attention to security vulnerabilities inherent in internet-connected devices, this is a very clear wakeup call that they should start.
In many corporate networks, workers can bring in any device and connect it to the wireless network (and sometimes even the wired network, which is far worse). Most of these devices are fundamentally insecure, with a default password that can be easily guessed.
This is a big problem because any new device connected to a network provides another access point for hackers. It could be a series of industrial sensors put in place to make manufacturing equipment run more smoothly, or an internet-connected coffee machine for the office. But either way, it’s another potential weakness that hackers will try to exploit. And yes, attacks through internet-enabled coffee makers have already happened.
As internet-connected devices make their way into the enterprise at breakneck speed, there will physically be no way to keep up with the volume of new security vulnerabilities. Even for organizations with robust cybersecurity resources, the volume of incoming security alerts has already proven to be too high for workers to adequately investigate, prioritize and resolve potential threats. In fact, according to research from EMA, 80% of organizations receive up to 500 “severe” or “critical” cybersecurity alerts per day, but less than 1% of those alerts are actually investigated. The IoT will massively compound this problem.
Automation and AI Benefits
Automation and artificial intelligence (AI) are the only viable approach to combatting IoT-based cybercrime directed at the enterprise. Think about it: If an average cyber analyst can handle 10 alerts each day, enterprises would need 50 cyber analysts working 24/7 to handle a typical amount of 500 incoming daily alerts. And if 80% of organizations are seeing 500 severe or critical alerts today, imagine how many they’ll see once they increase potential access points with IoT devices.
The math just doesn’t add up. And attempting to hire away the problem simply isn’t feasible.
AI-based security tools have the ability to automatically investigate every alert, instead of simply prioritizing alerts to match capacity. They can automate the collection of contextual information from other network detection systems or logs and immediately exonerate or incriminate threats. AI-based security solutions can also automate the remediation process (i.e. quarantine a file, kill a process, shut down a CNC connection, etc.).
Not only can AI effectively automate the overwhelming and repetitive nature of IoT security efforts, but it can also allow (human) workers to focus on more valuable and nuanced initiatives. Often, organizations bristle at the thought of introducing automation and AI-based tools, worrying that it will require replacing their valued employees with automatons. However when it comes to cybersecurity and incident response efforts, a healthy combination of Automation, AI and humans is most effective.
Dwight Eisenhower once said, “What is important is seldom urgent and what is urgent is seldom important.” This is a fantastic mentality for prioritizing, however for cybersecurity professionals, everything is urgent and important all the time. To be able to focus on important, strategic cybersecurity topics that aren’t necessarily urgent — and more importantly, to determine what exactly those important, strategic topics are — enterprises need to leverage AI to automate their incident response strategy. In doing so, they’ll establish modern, effective security processes capable of combating the increasingly powerful threat of IoT-induced cybercrime.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.