Handling the IoT Security Threat
In conversation with Saurabh Sharma, Senior Security Researcher, Global Research & Analysis Team (GReAT), Kaspersky; and Sidharth Mutreja, Enterprise Solution Architect, Kaspersky
SIDHARTH MUTREJA, & VALERIE MAGUIRE Kaspersky
Cyber threat is a serious issue faced by organisations worldwide and India is not far behind in terms of being a target of cybercriminals. Can you give us an overview of this threat?
Saurabh: According to Kaspersky’s Cyberthreat Real-time Map, India is ranked fifth in the Asian region for web threats in May’19, targeted at both government and private institutions. There have been 4 lakh attacks in a single week and defence and nuclear sectors re the most vulnerable. These attacks are not random, but specific targeted attacks, web-based, networked attacks. The attacker keep on coming back with a new strategy, so they need to be continuously tracked.
Siddharth: The security solutions have to be designed towards client enterprise systems, keeping in mind the business goals of the clients about in which areas they want to grow. Also, predictive analytics need to be studied to proactively counter attacks. With the growth of IoT products, threats will grow in number and will become more complex. Hence, solutions have to be designed accordingly.
Can you elaborate upon the threat to IoT devices and the strategy to counter it?
Siddharth: IoT is a complete system of sensors and detection devices, the information pathways networks and the cloud to store and analyse the information received from the devices across the network pathways. Security solutions have to be devised taking all the three components in mid viz. IoT device, the networked pathway through which the information follow and the cloud. Back- end network has to be fortified with encryption.
What are some of the challenges in designing a security system for IoT products?
Siddharth: Today’s business model expects the IoT products to be released to the market immediately. This often doesn’t give enough time to gauge the level of security that can be designed to protect the gadget. IoT can have a lot of products linked to te network and compromising any one of them can comprise the entire network. Hence, care has to be taken to secure all the interconnected devices, their networked pathways and the cloud at the time of the release of the products to the market. In the hybrid loud model of large enterprise, the on-premise physical infrastructure and storage, as well as the cloud along it the networked pathway needs to be made secure. Saurabh: It is often very difficult to identify the exact location from where the attack is coming. Hence, predictive analytics to pre- empt attacks is very important, especially in finance sectors and in government organisations such as defence. Cyber exploitation activities are becoming more sophisticated, more targeted and more serious. We at Kaspersky detect around 370,000 malwares every day.
Cyberspace today is very dynamic and has constantly new vulnerabilities. We aim to develop strategies and best practices that will help enterprises respond to today’s security challenges as well predict and prepare for tomorrow’s threats