As employees purchase and connect millions of new IoT devices every year, they are increasingly bringing them to work and connecting them to corporate networks. This innocent act opens corporate networks to potential attack from competitors, hackers, and other adversaries.
Companies need to be aware of these shadow IoT devices and ensure they are protected against them, both through smart cybersecurity strategies, as well as by promoting a “security by design” approach with companies that manufacture these devices.
To help you learn more about shadow IoT, the experts from Kudelski Group have used their knowledge to answer our questions.
- What is shadow IoT and how does it typically creep into an organization?
It is often quite easy for individuals to add internet-connected devices or networks of devices to corporate networks without IT’s knowledge or approval. These devices range from personal fitness trackers or digital assistants to small networks of smart home devices connected wirelessly to each other. Typically users are adding these devices for personal convenience or to help them do their job, without understanding that they are potentially adding risk to the enterprise environment. And today, the vast majority of these devices are not secure by design.
- How much of a threat is Shadow IoT to organizations?
As part of our IoT division we have advanced evaluation Labs in Switzerland that review hundreds of products per year, breaking them down to the silicone to analyze potential vulnerabilities in both hardware design and the firmware that controls the device. From this experience, we have found that all of them have identifiable security flaws which increase the risk of compromise – weak device passwords or passwords stored in the clear, no data encryption, or unpatched software vulnerabilities. Many of them even have built-in security measures in their components, but fail to implement them. Additionally, a long-term security strategy for these devices is often an after-thought. This is especially true for consumer-oriented IoT devices that are likely to be the bulk of shadow IoT devices on a network. Because these devices can often be easily compromised remotely and are already attached to corporate networks, they represent an easy attack vector to access more valuable corporate assets. Our IoT team regularly advises product manufacturers on a ‘security by design’ approach that not only helps define a secure product architecture but also to plan ahead for ongoing security lifecycle management for their devices and ecosystem.
- What threats take advantage of shadow IoT? Have there been any examples of shadow IoT causing security issues or other problems? If not, what problems could shadow IoT deployments create for organizations (i.e. unsecured infrastructure as well as unsecured data, extra costs, redundancies, etc.)?
Insecure IoT devices can provide a point of initial access to corporate networks. Often this is as simple as logging in to internet-facing management consoles on one of these devices using default credentials that have not be changed. From there attackers may be able to use the devices to conduct reconnaissance, move laterally or even launch certain attacks inside the organization.
For example, there is a North American casino where the facilities management people installed a connected fish aquarium without consulting their IT department. A creative hacker used a vulnerability (WiFi password stored in the clear) to penetrate the casino’s internal networks.
- Have any cyberattacks happened as a result of shadow IoT deployments?
Yes. There are well-publicized instances of large-scale attacks that exploited consumer-oriented IoT devices, namely the Mirai and RIFT botnets. Whether IoT devices are sanctioned or unsanctioned by IT, they represent a risk to organizations which should be identified, analyzed and mitigated.
- What steps can/should an organization take to prevent shadow IoT from becoming an issue? What can an organization do if it already is a problem?
Visibility is the first step for either prevention or remediation of a shadow IoT problem. Organizations must understand what devices are connected to their networks before they can effectively address the challenge. Our philosophy is to build in security and effective management from the start, but there are a number of IoT-focused tools on the market that enable visibility and provide some context for how much risk is posed by a particular IoT device. With this knowledge, organizations can develop and apply a policy-based approach to isolate or block unknown IT and IoT devices which attempt to connect to corporate networks. As an example, many organizations allow these devices to connect but only to a network segment specifically for untrusted devices that has no access to corporate resources.
Ultimately, this problem will only be fully solved when consumer electronics companies and other device manufacturers start to take both initial security architecture as well as long-term security lifecycle management strategies more seriously. Often in the rush to innovate and beat their competitors, security is deprioritized and shortcuts are taken, leaving gaps that pass the problem down the line to corporate IT organizations. The security by design approach taken from the beginning not only prevents this but helps protect everyone across the entire value chain: manufacturer, consumer, and company networks.
Panel: Smart Manufacturing as a Driver for Business Outcomes – Investing in Industry 4.0
Digital transformation offers promise to industrial organizations to weather the uncertain economy, but deploying digital technologies is frequently challenging.
The manufacturing sector is facing a unique set of headwinds and tailwinds. According to Omdia research, only half of industrial companies have begun a digital initiative. Among those that have, roughly 40% of organizations fail to achieve an expected payback for their digital investments.
In this video, Omdia principal analyst Alex West discusses this situation with Farid Bichareh from the Industrial Internet Consortium, Marylin Glass-Hedges from Daimler Trucks North America and Steve Holdsworth from Crescent Electric Supply.
Strengths of Employing Data Science in Healthcare
Data science employing big data for healthcare needs and the extraction of valuable business insights greatly transformed the medical industry and brought revolutionizing results in care efficiency and personalization.
According to Global Market Insights, the healthcare analytics market size is expected to grow by 12.6% by 2025, and the prescriptive analysis sector is the one that will witness the highest level of expansion with 15.8% against 13.2% in the clinic end-use segment.
Access to medical databases leading to the deployment of data makes it possible to shift from medical treatment that takes up a lion’s share of healthcare budgets, and rather focus on identifying the preventable illnesses (for instance, two leading avoidable deaths conditions are ischaemic heart diseases and lung cancer) and primary and secondary prevention.
Big Data Benefits
Medical data is a powerful resource for deriving valuable insights and reducing data waste. In the context of new reality associated with an overload of healthcare and pandemic challenges, big data can assist healthcare providers in detecting health-related patterns turning vast data into actionable information vital in medicine and medical industries.
Aside from patients getting whose experience of healthcare service can be enhanced as a result of applying data science, the stakeholders interested in the implementation of big data in the healthcare sector include healthcare providers, the health tech industry, pharmaceuticals, and health insurance agencies.
Among multiple benefits of employing big data in healthcare, the following ones come on top:
- Implementation of data science in healthcare allows to create comprehensive patient profiles.
- It provides instant identification of patterns in treatment outcomes
- It enhances patient satisfaction
- It facilitates hospital administrative workflows
- It optimizes medical procedures by increasing care efficiency
- It enables the medical industry to be more cost-effective.
Overall, data analysis in healthcare ensures a highly personalized approach to customers and processing of an individual patient model that can map out their health history and health course trajectory digitally, which implies multiple sharing options, wide diagnosis capabilities and deeper engaging patients in medical decision making.
Furthermore, the data analysis helps to improve the productivity of the healthcare sector as it enables the medical industry to maintain the high quality of the service with fast processing of a large amount of existing (and prospective) medical data at a reduced cost.
Although the application of healthcare analytics is somewhat limited in Europe, a pandemic caused by COVID-19 forced authorities to reconsider the previously imposed restrictions and give the green light to healthcare( in particular, predictive and prescriptive) analytics initiatives.
Big Data Challenges
Due to the sensitivity of health data, its fragmented nature, the enormity and complexity of databases, and the special importance of privacy-preserving technologies, data science in healthcare can face certain challenges.
In particular, challenges of processing and analyzing big data in healthcare that might restrain the market growth mostly pertain to:
- the shortage of IT professionals with relevant expertise
- data integrity issues
- ensuring data safety.
Besides, complexities of regulations and lack of unified procedures in the healthcare industry can create barriers to wider application of data analytics by medical providers and hinder the growth of the health data analytics market.
Data Science Applications
Data science in healthcare ensures a full overview of the patient’s profile in real-time as it lets process clinical information including patient demographics, diagnosis, medication, procedure, lab results, and additional clinical notes.
The large amounts of medical data that became available in healthcare organizations resulted in opening opportunities for successful completion of multiple data science projects: among illustrative applications, the most outstanding belong to practical clinical environments.
A number of pioneering organizations (Cerner Corporation, International Business Machines Corporation, MedeAnalytics, Oracle Corporation, etc.) generate use cases in and outside the clinical environment to show the potential of further exploration of data science in healthcare and its positive transformation.
They made a breakthrough in the market of wearables (they covered the various domain areas including fitness, exercise, movement, physical activity, step count, walking, running, swimming, energy expenditure, etc.), and diagnostic tools demanding implementation of advanced analytical models.
In general, the incomplete list of data science applications includes the following areas:
In this particular scenario, computers demonstrate self-learning abilities to interpret MRIs, X-rays, mammographies to recognize patterns in the data and find tumors, or any organ anomalies.
In this case, data-processing tools through analysis and interpretation help to come to an understanding of data from next-generation sequencing experiments.
New Drug Launch
Pharmaceutical companies use data science to make financial predictions and the potential market impact of a new drug by analyzing the operational pipelines from manufacturing agents to end-use consumers.
Predictive Analytics Purpose
By extracting deliverables from data, medical industries use it to predict trends and behavior patterns to enhance healthcare customer experience and calculate probabilities of medical outcomes based on the statistical approach.
Monitoring Patient Health
By storing digital health-related information of the patients, healthcare providers can improve the productivity of healthcare delivery systems. Besides, data analysis is used to monitor health parameters including blood pressure, body temperature, and heart rate in real-time.
Tracking Health Conditions
Data science can provide ongoing accurate tracking of health conditions and mark potential cases that a patient is prone to. For instance, data science proved to be an invaluable asset when it comes to assisting individuals with diabetes in keeping track of the meals, physical activity zones, and blood glucose levels.
Providing Virtual Assistance
With the comprehensive platforms available due to data science, patients are provided with the means of identifying the disease by entering the respective symptoms in the application search bar. The virtual assistant will immediately identify the condition and offer to choose the possible health solutions.
Data Science Access
Access to big data and data science in healthcare made a positive impact on the practice of medicine with widening capability of medical professionals to apply data-driven decision making, take a personalized approach while treating patients and instantly checking real-time data against patients’ profiles for delivering high-quality healthcare.
It allows us to be confident in forecasting the bright future of data science and further development of tools for comprehensive analysis in healthcare linked in the expansion of the market of data science applications.
In addition to providing new levels of data completeness and interoperability, they can successfully address, among various issues, the problems with disease prevention, symptoms, monitoring health conditions, dosage calculations, and pharmaceuticals.
IoT Security & Education: Toward a Secure Connected Campus?
IoT devices are everywhere and starting to be used in many industries, as well as in public places. Technological innovations and advancements make it possible for our devices to become smarter, but in some sectors, the adoption rate has been quicker than others.
Education is one sector where adopting new technologies takes longer than many other industries. Smarter devices could improve the interaction between students and teachers as well as provide more efficient education and learning. However, there are specific security concerns involved that have to be taken care of first for schools to adopt devices that would replace traditional books and notebooks. This article takes a look at some of the challenges faced by the education sector when it comes to the use of IoT.
State of the Education Sector
When it comes to the education sector and IoT, there are many changes possible that the entire industry could utilize making it look completely different in the timespan of a year or two. IoT provides the kind of value that other technologies don’t by advancing education so much so that its structures and environment could change completely.
Today we have schools and educational institutions sticking to the traditional ways of operation. However, there are also schools that use IoT which allows them to offer more personalized learning at a higher level of efficiency. The use of smart devices on campuses and in schools can improve the students’ access to relevant information, as well as help manage the entire classroom with more transparency and efficacy.
Education Use Cases
Below are a few interesting use cases reflecting the benefits of IoT in the Education field:
Enhanced Student Acquisition
- Improved understanding of prospective students and their educational needs.
- Improved forecasting and acquisition of students and faculty through integration of mobile apps to website navigation.
Improved Student Experience
- Distance learning integration.
- Student life analysis through device integration for any early detection of patterns that require course corrections for improved academic outcomes.
- Develop courses and curricula that meet student needs effectively based on student sentiments and their interests.
- Differentiated services and cost reductions for improved operations.
- Accelerated research through device integration for faster experimental data collection, and integrated analytics with predictive capabilities
In open environments such as the ones nurtured by higher education institutions, cybersecurity can be a massive problem. It’s quite difficult for many institutions to implement proper cybersecurity practices while striving to teach and share information with anyone who may need it. The enormous number of students passing through an institution’s system each year certainly does not help in that mission, as they all use their personal devices.
The threats could be more severe than you might think, not only for the devices but also the data that is managed by educational institutions. In Florida, there was a cybersecurity data breach through the security system of a virtual K-12 school that jeopardized the safety of the sensitive student and parent personal data. It included the names and birth dates of students, email addresses of the parents, as well as Social Security numbers of the teachers.
Cases like this, clearly show that the level of cybersecurity in the education sector isn’t on a high enough level to deter cyber criminals.
Solving Cybersecurity Concerns
The problem of IoT-related security concerns isn’t exclusive to the education sector but the sensitivity of the assets we are expected to protect in this field is particular. Therefore, Educational Institutions must start teaching cybersecurity not as “a best practice” but rather “by practice”. One way is to start teaching the young generation about cybersecurity in a fun and practical way. As a great example, ISSA France – the 1st French-speaking European chapter of the Information Systems Security Association (ISSA) has just launched a Holiday Workbook presenting cyber risks to children and their parents.
Besides, to be able to trust IoT devices, connected education campuses must drive a dedicated IoT risk analysis and adopt security assurance by design, rigorous testing, and security standards for the devices and systems in use.
Only by knowing where the weaknesses are and how they can be exploited can we deter cybercriminals from breaking into internet-connected systems to steal sensitive data and cause a massive amount of damage.
Physicists make electrical nanolasers even smaller
Nano-microscope gives first direct observation of the magnetic properties of 2D materials: Discovery means new class of materials and technologies
Who stole the light? Self-induced ultrafast demagnetization limits the amount of light diffracted from magnetic samples at soft x-ray energies
Brace for it – Bitcoin Futures may be nearing a tipping point
Tron, Synthetix, VeChain Price Analysis: 19 September
Someone Remade ‘Among Us’ in VR and It’s Strangely More Fun Than the Original
Virtual Tours: The Key to a Successful School Marketing Plan
Spanish Financial Giant BBVA’s US Division Recognized as one of the Best Corporate Digital Banks in North America
Evening Reading – September 18, 2020
7 Awe Inspiring AI Techs That Transformed The Digital World
100X.VC Unveils Its Class 02 Investments
Here’s how Nasdaq-listed MicroStrategy went about buying $175m in Bitcoin
Lenovo Legion Sponsors G2 Esports as Hardware Partner
Supreme Court Justice Ruth Bader Ginsburg dies at age 87
Shanghai Electric Showcases Smart Energy Solution at China International Industrial Expo on World’s Clean Up Day
Preventive Healthcare Market Dilating in India
5 weed products Tommy Chong can’t live without
Shacknews Twitch Highlights: Rocket League, Fight Crab, and Quest 64
More gets 275 Crore INR From Amazon, Samara Capital
TikTok filed a complaint against Trump administration to block U.S. ban: Bloomberg News
Seoul Police Summons Bithumb Chairman For Interrogation
6 Crucial password security tips for everyone
‘Thank you, RBG’: Leaders react with sadness, shock to Ruth Bader Ginsburg’s death
Shack Chat: What’s your reaction to the September PlayStation 5 Showcase?
Ford Mustang Mach-E Easily Goes 300+ Miles In Norway
Apple and Sony Events – The TouchArcade Show #462
Here’s the schedule for the 2020 League of Legends World Championship
Weekend PC Download Deals for Sept. 18: Steam Pirate Sale
Shacknews Dump – September 18, 2020
India-Based Insurtech ACKO Secures $60 Million Through Latest Funding Round Led By Munich Re Ventures
Google Temporarily Removes Paytm Mobile App from Play Store Due to Supposedly Being in Violation For Gambling
TouchArcade Game of the Week: ‘Songbringer’
In Photos: Crowd gathers in front of the Supreme Court to mourn Justice Ruth Bader Ginsburg
Pinned below $11K, Bitcoin price plays second fiddle to Uniswap (UNI)
Trump nominee to replace Ruth Bader Ginsburg on Supreme Court will get Senate vote, McConnell says
Indian Government May Put EV Chargers At 69,000 Gas Pumps
The Last Time This On-Chain Metric Was This Low, Bitcoin Surged 150%
Digital Transformation: Qatar Financial Center Regulatory Authority to Migrate Online Services to Microsoft Cloud
Call of Duty Cold War VS. Modern Warfare: The Biggest Differences
What The Hell Happened To Splinter Cell
Gaming1 week ago
Forest Warden Omu tips & strategies – Hearthstone Battlegrounds
Gaming1 week ago
Out Now: ‘Hyena Squad’, ‘PAKO Caravan’, ‘Dungeoning’, ‘Neuroshima Convoy’, ‘Conjurer Andy’s Repeatable Dungeon’, ‘Crux: A Climbing Game’, ‘LegendArya’, ‘OLO Loco’ and More
Esports5 days ago
Valorant Ego Skins Teased
AI1 week ago
What is a Sign Up Bonus and How Does it Work?
Gaming1 week ago
Tony Hawk’s Pro Skater 1+2 review: Welcome back to The 9 Club, bro
SaaS1 week ago
SaaS Growth: Top Strategies and Trends for SaaS Growth
Gaming1 week ago
‘Company of Heroes’ for iPhone and Android Is Out Now Worldwide with iCloud Save Backup on iOS
Business Insider1 week ago
Zimmer Biomet Holdings Outperform