Are ex-hackers the way to keep IoT secure? – Part One

August 3, 2016

Posted by: George Malim

Adrian Crawley, Radware

Hacker is a dirty word. It conjures up images of someone locked in a dark basement coding into the night and unleashing digital horrors on the unsuspecting, writes Adrian Crawley, the regional director for Northern EMEA at Radware.

While that may be the stuff of movies, one thing is true: these people have a unique skill, an ability to pinpoint a weakness and write code that will exploit it. Their coding acumen is extraordinary and they are capable of bringing down multinationals within minutes, or developing long, slow-burning programmes that are harder to detect. Either way, the damage they can do can take a business to the brink.

It may seem strange then to advocate cultivating them as a force for good. However, that is exactly what security experts are doing, and the trend is now starting to take off in business, to the extent that 20% of companies in the UK have already used the services of an ex-hacker to test their network and 37% are seriously considering it.

Why? It’s a case of keep your enemies close.

Security is a constant battle fought on so many fronts. From the physical security of your building and the people who cross the threshold to the devices that are connected to your network, there truly are threats everywhere you turn. Threats that are changing daily – just look at the success of Pokemon Go and the security baggage it’s brought with it. Who’d have thought businesses would be fighting the risk of virtual creatures?

It illustrates the point that there are so many weaknesses, known and unknown, with too little time to understand them all. You have to hope the defences you have will hold tight while you look for the long-term solution to the risks that are most prominent to your business.

Just as virtual and augmented reality have caught security experts out in recent weeks, so IoT adds a new dimension too. For many companies it will be the strategy that evolves their brand and grows market share. It brings with it excitement and a new way to offer services that will make people’s lives easier.

But while the board may sign off the strategy, the actual implementation will fall to many parties, some in house and some external. No matter who delivers it, one thing is clear: it brings in a complexity that may never have been dealt with before and therefore a new frontier in terms of integration and security.

There are therefore two challenges with IoT: keeping the existing infrastructure secure, and finding a way that ensures integrating the disruptive technology doesn’t disrupt the security status quo.

Research shows that executives are concerned about the Internet of Things (IoT), with connected devices identified by 29% as ‘extremely likely’ to be a target for cyber criminals over the next three to five years. Interestingly though, although businesses understand the threat, many are unsure how or where to direct their resources to defend against it.

And that’s why 20% of companies are turning to ex-hackers, with 37% considering it. They are seen as a means to monitor the threats that exist and test the security policy you have. They can scan the horizon and spot threats not yet identified and they can spot the black hole in a new product implementation a mile off. Gold dust if you want to stay ahead of the competition, especially in the IoT race.

The growth in IoT developers means that many companies do not have to create solutions themselves. They can turn to the specialists who are running slick operating models that keep development costs low, and they will have the know-how to create wow products in a way many companies can’t possibly do in house without setting up new departments.

As there will be such a reliance on these specialists, companies need to ensure that the security between the two parties is watertight. That can only come from building security in at the start rather than overlaying it. Security has to be an inherent feature of the design and a pre-requisite for tenders to progress to a selection process.

We’re not talking just about the security of the product and how it fits in with the existing billing, CRM and communications infrastructure either. It’s also about ensuring the security exists at the very edge of the network too – all the things that will be attached have to be secure. There must not be a gateway.

That’s where an ex-hacker can help. They can help identify the risks you will face when rolling out solutions and those they anticipate will come along as technology evolves. They can test the suppliers and work with them to make improvements based on their insider knowledge. They will think like a hacker to your advantage.