Wednesday, March 30, 2016

(The Big Disrupt) IoT Security: why CISOs can't afford to get IoT security wrong

While a relatively new role in most organizations, Chief Information Security Officers (CISOs) find themselves the subject of much discussion, which is unlikely to abate as the CISO's security remit expands and more and more organizations become connected and data driven.

Much of the discussion surrounding the role centres on how CISOs plan to tackle threats to their existing networks, but the real debate is how CISOs plan to tackle the 7-headed monster that is the Internet of Things (IoT). There isn't an organization in modern business that isn't data driven, and with the increased adoption of the IoT, CISOs and their organizations across the board not only have to find ways to store and exploit the influx of data generated by IoT-enabled devices but also have to secure the network from threats.

In truth, it's a baptism of fire for CISOs, as the role is largely a sharp reaction by organizations to the recent rash of data security breaches. That reaction has gained CISOs a lot of attention from the press and significantly larger budgets to play with to stem the growing tide of expensive and humiliating data breaches.

However, despite larger budgets, CISOs face significant challenges, mostly posed by their superiors. According to a survey carried out by the Ponemon Institute, an incredible 72% of CISOs said that it has been 12 months since their board directors have been informed of their organization's cybersecurity strategy, and 66% believe their leadership doesn't see IT security as a "strategic priority" and need more staff with solid skills and experience. All this explains why, according to the survey, CISOs are pessimistic about their organization's ability to keep the IoT secure, with only one third of CISOs believing that their organizations can deal with the security risks attached to the IoT.

It's no surprise that CISOs are so pessimistic, as the IoT has so far proven difficult to secure and dangerously vulnerable to breaches. This is a major concern among CISOs and organizations invested in the technology, as the scale and almost infinite applications of the IoT make it a big target for hackers, which is terrifying as the IoT is being used to connect everything from cars to household appliances to the internet and to each other.

While the Internet of Things is currently a B2B/B2G technology, the increased use of the technology in consumer goods such as wearable tech and smartphones will dredge up privacy and security debates that have increased in ferocity since the Snowden revelations. The recent skirmish between the FBI and Apple will be nothing compared to the potentially nasty legal battles between organizations and law enforcement agencies looking to track suspects.

All of the above will surely keep CISOs up at night, as they really can't afford to get the IoT wrong: the implications of doing so are wide ranging and, to a certain degree, unknowable. Unfortunately, getting the IoT wrong will almost certainly cost CISOs their jobs and a king's ransom in legal fees, as CISOs are so often the target of lawsuits after a breach that insurance companies have created insurance products that cover security professionals against large data breaches.

In sum, CISOs go to work with a big target on their back, and with the increasing adoption of IoT among enterprises and consumers, that target will only get bigger.

(The Big Disrupt) Apple: why Apple has lost its fight with the FBI

As the Apple v FBI scrap comes to an end, the FBI's revelation that it can hack the iPhone without Apple's assistance is a body blow of massive proportions for the Cupertino-based tech giant.

The FBI's announcement arguably leaves Apple in a worse position than if it had complied with the court order, since by complying Apple would at least have been able to monitor the data the FBI was accessing. However, with the FBI revealing that it can hack into Apple's iPhone while sharing no details on how it did it, the FBI has effectively destroyed the credibility of Apple's devices.

The FBI was clearly playing a long game with Apple by first pursuing an overreaching court order it knew Apple wouldn't comply with, creating a very public debate about a complex issue where there are no easy answers.

The FBI in truth could have found a way to get round Apple's robust encryption practices long before this point, but the FBI, which has been one step behind Apple since it started taking encryption of its products seriously back in 2014, has in one announcement undermined Apple's stance on consumer privacy and the security of its devices.

What's worse is that Apple from this point onwards won't have a clue when the FBI forces entry into its devices, which means it can't even keep track of the FBI accessing its customers' private information. This is bad news for Apple, as the FBI's announcement could destroy the B2B market for its devices: organizations across the board have become more security conscious than ever and are less likely to invest in devices that can be compromised by law enforcement.

The FBI's announcement will certainly affect sales of Apple's devices in Europe, as the continent in the post-Snowden age has become more aware and as a result has taken an aggressive stance towards Silicon Valley giants on a wide range of issues, including privacy.

However, the wider implication of the FBI's announcement is that Apple, unless the FBI reveals its new method for accessing devices, won't be able to improve its security position. What this means in practice is that because the FBI has found a way to access Apple's devices and isn't going to reveal how it did it, Apple can't make security updates, which seriously increases its devices' vulnerability to attacks.

Worse still, if the FBI doesn't reveal how it accessed Apple's iPhone, it's only a matter of time before law enforcement and intelligence agencies in other countries find and exploit the weakness in Apple's encrypted devices, and Apple ends up subject to the precedent it has fought so hard against from February until now.

In sum, the FBI's announcement demonstrated that it is good at framing public debates and even better at strategy, but the real takeaway from the FBI and Apple clash is that the real losers are consumers.

