Connect with us

IOT

Bringing Shadow IoT Devices into the Light on Corporate Networks

Avatar

Published

on

Illustration: © IoT For All

As employees purchase and connect millions of new IoT devices every year, they are increasingly bringing them to work and connecting them to corporate networks. This innocent act opens corporate networks to potential attack from competitors, hackers, and other adversaries.

Companies need to be aware of these shadow IoT devices and ensure they are protected against them, both through smart cybersecurity strategies, as well as by promoting a “security by design” approach with companies that manufacture these devices.

To help you learn more about shadow IoT, the experts from Kudelski Group have used their knowledge to answer our questions.

  1. What is shadow IoT and how does it typically creep into an organization?

It is often quite easy for individuals to add internet-connected devices or networks of devices to corporate networks without IT’s knowledge or approval. These devices range from personal fitness trackers or digital assistants to small networks of smart home devices connected wirelessly to each other. Typically users are adding these devices for personal convenience or to help them do their job, without understanding that they are potentially adding risk to the enterprise environment. And today, the vast majority of these devices are not secure by design.

  1. How much of a threat is Shadow IoT to organizations?

As part of our IoT division we have advanced evaluation Labs in Switzerland that review hundreds of products per year, breaking them down to the silicone to analyze potential vulnerabilities in both hardware design and the firmware that controls the device. From this experience, we have found that all of them have identifiable security flaws which increase the risk of compromise – weak device passwords or passwords stored in the clear, no data encryption, or unpatched software vulnerabilities.  Many of them even have built-in security measures in their components, but fail to implement them. Additionally, a long-term security strategy for these devices is often an after-thought. This is especially true for consumer-oriented IoT devices that are likely to be the bulk of shadow IoT devices on a network. Because these devices can often be easily compromised remotely and are already attached to corporate networks, they represent an easy attack vector to access more valuable corporate assets. Our IoT team regularly advises product manufacturers on a ‘security by design’ approach that not only helps define a secure product architecture but also to plan ahead for ongoing security lifecycle management for their devices and ecosystem.

  1. What threats take advantage of shadow IoT? Have there been any examples of shadow IoT causing security issues or other problems? If not, what problems could shadow IoT deployments create for organizations (i.e. unsecured infrastructure as well as unsecured data, extra costs, redundancies, etc.)?

Insecure IoT devices can provide a point of initial access to corporate networks. Often this is as simple as logging in to internet-facing management consoles on one of these devices using default credentials that have not be changed. From there attackers may be able to use the devices to conduct reconnaissance, move laterally or even launch certain attacks inside the organization.

For example, there is a North American casino where the facilities management people installed a connected fish aquarium without consulting their IT department. A creative hacker used a vulnerability (WiFi password stored in the clear) to penetrate the casino’s internal networks.

  1. Have any cyberattacks happened as a result of shadow IoT deployments?

Yes. There are well-publicized instances of large-scale attacks that exploited consumer-oriented IoT devices, namely the Mirai and RIFT botnets. Whether IoT devices are sanctioned or unsanctioned by IT, they represent a risk to organizations which should be identified, analyzed and mitigated.

  1. What steps can/should an organization take to prevent shadow IoT from becoming an issue? What can an organization do if it already is a problem? 

Visibility is the first step for either prevention or remediation of a shadow IoT problem. Organizations must understand what devices are connected to their networks before they can effectively address the challenge. Our philosophy is to build in security and effective management from the start, but there are a number of IoT-focused tools on the market that enable visibility and provide some context for how much risk is posed by a particular IoT device. With this knowledge, organizations can develop and apply a policy-based approach to isolate or block unknown IT and IoT devices which attempt to connect to corporate networks. As an example, many organizations allow these devices to connect but only to a network segment specifically for untrusted devices that has no access to corporate resources.

Ultimately, this problem will only be fully solved when consumer electronics companies and other device manufacturers start to take both initial security architecture as well as long-term security lifecycle management strategies more seriously. Often in the rush to innovate and beat their competitors, security is deprioritized and shortcuts are taken, leaving gaps that pass the problem down the line to corporate IT organizations. The security by design approach taken from the beginning not only prevents this but helps protect everyone across the entire value chain: manufacturer, consumer, and company networks.

Source: https://www.iotforall.com/bringing-shadow-iot-devices-into-the-light-on-corporate-networks/

IOT

Panel: Smart Manufacturing as a Driver for Business Outcomes – Investing in Industry 4.0

Avatar

Published

on

Digital transformation offers promise to industrial organizations to weather the uncertain economy, but deploying digital technologies is frequently challenging.

The manufacturing sector is facing a unique set of headwinds and tailwinds. According to Omdia research, only half of industrial companies have begun a digital initiative. Among those that have, roughly 40% of organizations fail to achieve an expected payback for their digital investments.

In this video, Omdia principal analyst Alex West discusses this situation with Farid Bichareh from the Industrial Internet Consortium, Marylin Glass-Hedges from Daimler Trucks North America and Steve Holdsworth from Crescent Electric Supply.

Source: https://www.iotworldtoday.com/2020/09/18/panel-smart-manufacturing-as-a-driver-for-business-outcomes-investing-in-industry-4-0/

Continue Reading

Big Data

Strengths of Employing Data Science in Healthcare

Avatar

Published

on

Illustration: © IoT For All

Data science employing big data for healthcare needs and the extraction of valuable business insights greatly transformed the medical industry and brought revolutionizing results in care efficiency and personalization. 

According to Global Market Insights, the healthcare analytics market size is expected to grow by 12.6% by 2025, and the prescriptive analysis sector is the one that will witness the highest level of expansion with 15.8% against 13.2% in the clinic end-use segment.

Access to medical databases leading to the deployment of data makes it possible to shift from medical treatment that takes up a lion’s share of healthcare budgets, and rather focus on identifying the preventable illnesses (for instance, two leading avoidable deaths conditions are ischaemic heart diseases and lung cancer) and primary and secondary prevention.    

Big Data Benefits

Medical data is a powerful resource for deriving valuable insights and reducing data waste. In the context of new reality associated with an overload of healthcare and pandemic challenges, big data can assist healthcare providers in detecting health-related patterns turning vast data into actionable information vital in medicine and medical industries.

Aside from patients getting whose experience of healthcare service can be enhanced as a result of applying data science, the stakeholders interested in the implementation of big data in the healthcare sector include healthcare providers, the health tech industry, pharmaceuticals, and health insurance agencies.

Among multiple benefits of employing big data in healthcare, the following ones come on top: 

  • Implementation of data science in healthcare allows to create comprehensive patient profiles.
  • It provides instant identification of patterns in treatment outcomes
  • It enhances patient satisfaction
  • It facilitates hospital administrative workflows 
  • It optimizes medical procedures by increasing care efficiency
  • It enables the medical industry to be more cost-effective. 

Overall, data analysis in healthcare ensures a highly personalized approach to customers and processing of an individual patient model that can map out their health history and health course trajectory digitally, which implies multiple sharing options, wide diagnosis capabilities and deeper engaging patients in medical decision making. 

Furthermore, the data analysis helps to improve the productivity of the healthcare sector as it enables the medical industry to maintain the high quality of the service with fast processing of a large amount of existing (and prospective) medical data at a reduced cost. 

Although the application of healthcare analytics is somewhat limited in Europe, a pandemic caused by COVID-19 forced authorities to reconsider the previously imposed restrictions and give the green light to healthcare( in particular, predictive and prescriptive) analytics initiatives.

Big Data Challenges

Due to the sensitivity of health data, its fragmented nature, the enormity and complexity of databases, and the special importance of privacy-preserving technologies, data science in healthcare can face certain challenges. 

In particular, challenges of processing and analyzing big data in healthcare that might restrain the market growth mostly pertain to: 

  • the shortage of  IT professionals with relevant expertise
  • data integrity issues 
  • ensuring data safety. 

Besides, complexities of regulations and lack of unified procedures in the healthcare industry can create barriers to wider application of data analytics by medical providers and hinder the growth of the health data analytics market.  

Data Science Applications

Data science in healthcare ensures a full overview of the patient’s profile in real-time as it lets process clinical information including patient demographics, diagnosis, medication, procedure, lab results, and additional clinical notes.  

The large amounts of medical data that became available in healthcare organizations resulted in opening opportunities for successful completion of multiple data science projects: among illustrative applications, the most outstanding belong to practical clinical environments. 

A number of pioneering organizations (Cerner Corporation, International Business Machines Corporation, MedeAnalytics, Oracle Corporation, etc.) generate use cases in and outside the clinical environment to show the potential of further exploration of data science in healthcare and its positive transformation. 

They made a breakthrough in the market of wearables (they covered the various domain areas including fitness, exercise, movement, physical activity, step count, walking, running, swimming, energy expenditure, etc.), and diagnostic tools demanding implementation of advanced analytical models. 

In general, the incomplete list of data science applications includes the following areas: 

Medical Imaging

In this particular scenario, computers demonstrate self-learning abilities to interpret MRIs, X-rays, mammographies to recognize patterns in the data and find tumors, or any organ anomalies. 

Genomics

In this case, data-processing tools through analysis and interpretation help to come to an understanding of data from next-generation sequencing experiments.

New Drug Launch

Pharmaceutical companies use data science to make financial predictions and the potential market impact of a new drug by analyzing the operational pipelines from manufacturing agents to end-use consumers.

Predictive Analytics Purpose

By extracting deliverables from data, medical industries use it to predict trends and behavior patterns to enhance healthcare customer experience and calculate probabilities of medical outcomes based on the statistical approach.

Monitoring Patient Health

By storing digital health-related information of the patients, healthcare providers can improve the productivity of healthcare delivery systems. Besides, data analysis is used to monitor health parameters including blood pressure, body temperature, and heart rate in real-time.

Tracking Health Conditions

Data science can provide ongoing accurate tracking of health conditions and mark potential cases that a patient is prone to. For instance, data science proved to be an invaluable asset when it comes to assisting individuals with diabetes in keeping track of the meals, physical activity zones, and blood glucose levels. 

Providing Virtual Assistance

With the comprehensive platforms available due to data science, patients are provided with the means of identifying the disease by entering the respective symptoms in the application search bar. The virtual assistant will immediately identify the condition and offer to choose the possible health solutions.

Data Science Access 

Access to big data and data science in healthcare made a positive impact on the practice of medicine with widening capability of medical professionals to apply data-driven decision making, take a personalized approach while treating patients and instantly checking real-time data against patients’ profiles for delivering high-quality healthcare. 

It allows us to be confident in forecasting the bright future of data science and further development of tools for comprehensive analysis in healthcare linked in the expansion of the market of data science applications.  

In addition to providing new levels of data completeness and interoperability, they can successfully address, among various issues, the problems with disease prevention, symptoms, monitoring health conditions, dosage calculations, and pharmaceuticals. 

Source: https://www.iotforall.com/data-science-healthcare

Continue Reading

IOT

IoT Security & Education: Toward a Secure Connected Campus?

Avatar

Published

on

Illustration: © IoT For All

IoT devices are everywhere and starting to be used in many industries, as well as in public places. Technological innovations and advancements make it possible for our devices to become smarter, but in some sectors, the adoption rate has been quicker than others.

Education is one sector where adopting new technologies takes longer than many other industries. Smarter devices could improve the interaction between students and teachers as well as provide more efficient education and learning. However, there are specific security concerns involved that have to be taken care of first for schools to adopt devices that would replace traditional books and notebooks. This article takes a look at some of the challenges faced by the education sector when it comes to the use of IoT.

State of the Education Sector

When it comes to the education sector and IoT, there are many changes possible that the entire industry could utilize making it look completely different in the timespan of a year or two. IoT provides the kind of value that other technologies don’t by advancing education so much so that its structures and environment could change completely.

Today we have schools and educational institutions sticking to the traditional ways of operation. However, there are also schools that use IoT which allows them to offer more personalized learning at a higher level of efficiency. The use of smart devices on campuses and in schools can improve the students’ access to relevant information, as well as help manage the entire classroom with more transparency and efficacy.

Education Use Cases

Below are a few interesting use cases reflecting the benefits of IoT in the Education field:

Enhanced Student Acquisition
  • Improved understanding of prospective students and their educational needs.
  • Improved forecasting and acquisition of students and faculty through integration of mobile apps to website navigation.
Improved Student Experience
  • Distance learning integration.
  • Student life analysis through device integration for any early detection of patterns that require course corrections for improved academic outcomes.
  • Develop courses and curricula that meet student needs effectively based on student sentiments and their interests.
  • Differentiated services and cost reductions for improved operations.
Research Experience
  • Accelerated research through device integration for faster experimental data collection, and integrated analytics with predictive capabilities

Cybersecurity Concerns

In open environments such as the ones nurtured by higher education institutions, cybersecurity can be a massive problem. It’s quite difficult for many institutions to implement proper cybersecurity practices while striving to teach and share information with anyone who may need it. The enormous number of students passing through an institution’s system each year certainly does not help in that mission, as they all use their personal devices.

The threats could be more severe than you might think, not only for the devices but also the data that is managed by educational institutions. In Florida, there was a cybersecurity data breach through the security system of a virtual K-12 school that jeopardized the safety of the sensitive student and parent personal data. It included the names and birth dates of students, email addresses of the parents, as well as Social Security numbers of the teachers.

Cases like this, clearly show that the level of cybersecurity in the education sector isn’t on a high enough level to deter cyber criminals.

Solving Cybersecurity Concerns

The problem of IoT-related security concerns isn’t exclusive to the education sector but the sensitivity of the assets we are expected to protect in this field is particular. Therefore, Educational Institutions must start teaching cybersecurity not as “a best practice” but rather “by practice”. One way is to start teaching the young generation about cybersecurity in a fun and practical way. As a great example, ISSA France – the 1st French-speaking European chapter of the Information Systems Security Association (ISSA) has just launched a Holiday Workbook presenting cyber risks to children and their parents.

Besides, to be able to trust IoT devices, connected education campuses must drive a dedicated IoT risk analysis and adopt security assurance by design, rigorous testing, and security standards for the devices and systems in use.

Only by knowing where the weaknesses are and how they can be exploited can we deter cybercriminals from breaking into internet-connected systems to steal sensitive data and cause a massive amount of damage.

Source: https://www.iotforall.com/iot-security-education-campus

Continue Reading
Nano Technology4 hours ago

Physicists make electrical nanolasers even smaller

Nano Technology4 hours ago

Nano-microscope gives first direct observation of the magnetic properties of 2D materials: Discovery means new class of materials and technologies

Nano Technology4 hours ago

Who stole the light? Self-induced ultrafast demagnetization limits the amount of light diffracted from magnetic samples at soft x-ray energies

Blockchain4 hours ago

Brace for it – Bitcoin Futures may be nearing a tipping point

Blockchain5 hours ago

Tron, Synthetix, VeChain Price Analysis: 19 September

AR/VR8 hours ago

Someone Remade ‘Among Us’ in VR and It’s Strangely More Fun Than the Original

AR/VR8 hours ago

Virtual Tours: The Key to a Successful School Marketing Plan

Crowdfunding10 hours ago

Spanish Financial Giant BBVA’s US Division Recognized as one of the Best Corporate Digital Banks in North America

Gaming12 hours ago

Evening Reading – September 18, 2020

AI12 hours ago

7 Awe Inspiring AI Techs That Transformed The Digital World

Entrepreneur13 hours ago

100X.VC Unveils Its Class 02 Investments

Payments13 hours ago

Here’s how Nasdaq-listed MicroStrategy went about buying $175m in Bitcoin

Esports14 hours ago

Lenovo Legion Sponsors G2 Esports as Hardware Partner

CNBC14 hours ago

Supreme Court Justice Ruth Bader Ginsburg dies at age 87

Energy15 hours ago

Shanghai Electric Showcases Smart Energy Solution at China International Industrial Expo on World’s Clean Up Day

Entrepreneur15 hours ago

Preventive Healthcare Market Dilating in India

Cannabis15 hours ago

5 weed products Tommy Chong can’t live without

Gaming16 hours ago

Shacknews Twitch Highlights: Rocket League, Fight Crab, and Quest 64

Entrepreneur16 hours ago

More gets 275 Crore INR From Amazon, Samara Capital

Big Data16 hours ago

TikTok filed a complaint against Trump administration to block U.S. ban: Bloomberg News

Blockchain18 hours ago

Seoul Police Summons Bithumb Chairman For Interrogation

Cyber Security18 hours ago

6 Crucial password security tips for everyone

CNBC18 hours ago

‘Thank you, RBG’: Leaders react with sadness, shock to Ruth Bader Ginsburg’s death

Gaming18 hours ago

Shack Chat: What’s your reaction to the September PlayStation 5 Showcase?

Cleantech19 hours ago

Ford Mustang Mach-E Easily Goes 300+ Miles In Norway

Gaming19 hours ago

Apple and Sony Events – The TouchArcade Show #462

Esports19 hours ago

Here’s the schedule for the 2020 League of Legends World Championship

Gaming19 hours ago

Weekend PC Download Deals for Sept. 18: Steam Pirate Sale

Gaming19 hours ago

Shacknews Dump – September 18, 2020

Crowdfunding19 hours ago

India-Based Insurtech ACKO Secures $60 Million Through Latest Funding Round Led By Munich Re Ventures

Crowdfunding20 hours ago

Google Temporarily Removes Paytm Mobile App from Play Store Due to Supposedly Being in Violation For Gambling

Gaming20 hours ago

TouchArcade Game of the Week: ‘Songbringer’

CNBC20 hours ago

In Photos: Crowd gathers in front of the Supreme Court to mourn Justice Ruth Bader Ginsburg

CoinTelegraph20 hours ago

Pinned below $11K, Bitcoin price plays second fiddle to Uniswap (UNI)

CNBC20 hours ago

Trump nominee to replace Ruth Bader Ginsburg on Supreme Court will get Senate vote, McConnell says

Cleantech21 hours ago

Indian Government May Put EV Chargers At 69,000 Gas Pumps

Blockchain21 hours ago

The Last Time This On-Chain Metric Was This Low, Bitcoin Surged 150%

Crowdfunding22 hours ago

Digital Transformation: Qatar Financial Center Regulatory Authority to Migrate Online Services to Microsoft Cloud

Gaming22 hours ago

Call of Duty Cold War VS. Modern Warfare: The Biggest Differences

Gaming22 hours ago

What The Hell Happened To Splinter Cell

Trending