With more items gaining web connectivity as part of the Internet of Things movement, the need to protect physical devices from hackers will only increase.
Our increasingly connected world gives hackers even more ways to exploit technology for malicious purposes. We’re now entering a period when cyber-attacks could cause major physical damage. To protect people from these combined cyber and physical threats, information security experts and law enforcement, which traditionally handles physical security, will have to share strategies.
There was the Stuxnet computer virus that stymied Iran’s nuclear program by targeting the centrifuges that enriched uranium. Stuxnet is considered the first program that showed how malware could cause physical damage.
With IoT, hacks get physical
Now with more items gaining web connectivity as part of the Internet of Things (IoT) movement, the need to protect physical devices from hackers will only increase. Information security professionals will be called upon to make sure attackers can’t tamper with the brakes on our autonomous cars or hack our smart thermostats and turn off the heat in our home during the winter.
Digital revolver offers classes on Security on many levels, Checkout the courses which suits you the best….
Talking about these flaws, which researchers have already discovered, isn’t meant to spread fear. Raising these topics will hopefully result in security being included in a product’s development instead of being treated as an afterthought.
Fortunately, the key steps companies can follow to defend physical assets—proper planning, thorough testing and extensive collaboration—can also help defend against cyber attacks.
Plan for what could happen
Companies need to follow this process when responding to an information security incident. Quickly remediating a threat isn’t enough. Security teams need to consider what else could have happened. Attacks often contain components that are intentionally easy to detect, leading security teams to falsely believe they have fully stopped an attack. In reality, elements remain that allow the attack to persist. Just detecting the smallest sign of atypical behaviour can allow security analysts to discover the entire attack. For example, a computer that’s running slow could be infected with malware, which could mean a company was the target of a phishing attack and an employee clicked on a malicious link.
Proper planning also means developing an incident response plan that includes the input of key people in every department. Often times only a company’s IT and security personnel are involved with planning because they’re the ones
who handle a breach. But dealing with the fallout from a security incident requires the efforts of the whole company.
Improve your plan with testing
Conducting a full-scale simulation is the best way to test how your security plan would hold up in a real-world incident. Holding drills will expose any of the plan’s weaknesses, providing companies with an opportunity to improve it before a real incident occurs.
Red team-blue team exercises offer an opportunity to merge physical testing and cybersecurity testing and determine how physical systems can protect online systems and vice versa. In many organizations, protecting gigabit Ethernet is a priority for people handling physical security, since being online is essential for all businesses. Knock out a business’ web connection and that takes down its email, IP phones and employee access to servers. From an IoT perspective, conducting penetration testing on a product will expose vulnerabilities, allowing a company to fix them before the item goes on sale.
And don’t forget to allow employees to weigh in on the security plan. Often workers have the best advice on what additional details would improve it.
The rise of machine, AI also is becoming the future of Security
AI has impacted our day-to-day lives for years, whether that’s automated voice calls or virtual personal assistants – like Siri – or even self-driving cars.
The next step is to implement AI technology into personal and cyber security systems.
Currently, one or two guards will monitor a bank of security screens, and it is a successful method of security, but it is not full proof.
Eliminating human error is a key driver behind bringing Artificial Intelligence to security through intelligent video analytics.
And this is only the beginning of the help AI is already providing to security. The future is limitless. To learn more about how DR is enabling professional and students with AI, visit our list of courses.