Latin America. Car navigation systems that predict where traffic zones are located by comparing sensor information on roads and other vehicles; cameras that identify garbage in public places and call cleaning brigades and street lamps that adjust automatically.
Juan Carlos Puentes Valero, Manager of Fortinet Colombia, helped us identify that these are just some scenarios that in the future would be common within smart cities. Driven by increasing urbanization and technologies such as the Internet of Things (IoT) and data analytics, smart cities are on the threshold, ready for growth. Glasgow, Barcelona, Nice, New York, London and Singapore are already fully involved in this concept. The smart city technology market could be worth $27.5 billion annually by 2023, according to Navigant Research.
Initiatives for smart cities are driven by the public sector, however, they will have a big impact on business. In this sense, CIOs will have to learn how to get involved in this new infrastructure of connected cities. Smart city technologies, such as IoT and data analytics, are expected to generate bright ideas for businesses in the future.
But this new wave of services and technologies is also expected to generate new security vulnerabilities. Here are five areas CIOs should follow closely:
1. Further fragmentation of IT
Over the past few years we have seen a proliferation of cloud services and the adoption of mobile devices in the workplace. This trend has transformed business productivity, but it has also created cracks in the controls that CIOs used to apply in their IT systems.
Today, CIOs have to deal with the idea that there are employees who use cloud services through unsecured phones to access corporate servers and sensitive company data. The expected exponential growth in IoT devices will lead to further fragmentation of IT in business. Researchers estimate that by 2020 the number of active wireless devices will be greater than 40 billion globally.
Instead of fighting an already-lost battle by trying to lock down devices and services, CIOs should focus on protecting data. Search for IoT devices that offer device-to-device encryption. Consider implementing and hardening comprehensive encryption schemes to protect data across your networks, cloud services, and endpoint devices.
2. Device vulnerabilities
Last year, security researchers exposed safety cracks in Jeep Cherokee cars, Barbie dolls, fitness tracking devices and other novel Wi-Fi-enabled devices. Fortinet Labs already observes IoT-based attacks, both on radar and in real time around the world. This shows the risks that will appear as toys, wearables, cars and energy networks linked to sensors that connect to a common network and the Web.
The IoT will provide a greater surface area for attacks. Hackers will observe Internet of Things devices as a launching pad for 'landing and expansion' attacks. One scenario is that hackers will take advantage of vulnerabilities in users' connected devices to have a gateway to corporate networks and the hardware they connect to.
So what can CIOs do to protect against the risks of connected devices and their own IoT deployments? From the outset, given the difficulty of physically separating these devices from all other systems in the network, they may consider deploying network-based protection schemes. Internal segmentation firewalls (ISFWs), for example, can mitigate the proliferation of threats within the enterprise network.
They must also employ some solution for IoT on the network, which is capable of mitigating any threat against this vulnerable and ever-growing attack surface. IoT vendors must also strengthen their products and develop appropriate equipment for the security of them (PSIRT).
3. IoT gateways can be leveraged
In a typical IoT deployment, most connected devices are always on and online. Unlike mobile phones and laptops, those devices typically only go through a single authentication process over multiple sessions. This makes them more attractive to hackers looking to infiltrate companies' networks, as they allow for easy control and detection of traffic.
Improving the security of gateways that connect to IoT devices is a must. CIOs should identify where those gateways are located and where they are linked, as they can reside internally or externally, and even be connected to ioT device manufacturers. There must also be a necessary plan to update patches on those gateways, as well as on IoT devices.
4. Big data, more risks
A constant in smart city deployments is that more data will be generated, processed and stored. Connected devices will generate immense containers of data. Businesses that adopt Big Data systems will see a greater increase in the volume of information. Unfortunately, that data will become a very attractive target for corporate hackers. To protect those immense volumes of data with large inputs and outputs, bandwidth capacity will become the protagonist. In addition, by including data analytics, it is not a single set of data, but multiple containers that can be combined and analyzed together by different groups of people. For example, a pharmaceutical company's research efforts may be open to employees, outside suppliers, and interns. This translates into individual access and audit rights.
5. A new type of worms
New worms related to IoT devices will emerge that could generate greater chaos due to the extension and reach of new converging networks. Conficker is the example of a worm that invaded PCs in 2008 and remains persistent and prevalent in 2016. In the same way, worms and viruses are expected to emerge that can spread from device to device, especially those related to mobile devices and the Android operating system.
Embedded worms will proliferate by exploiting and exploiting vulnerabilities in the growing mobile and IoT footprint. The largest botnet that FortiGuard Labs has detected includes 15 million PCs. Thanks to the Internet of Things this could easily reach about 50 million if the spread of worms is not adequately mitigated. Patch management, a network-based security inspection, particularly intrusion prevention systems or IPS that can block IoT worms is a necessary thing.
Finally, today security is seen as an integral platform, covering not only external attacks that was the vision several years ago, but internal security and security that covers the spectrum of Mobility (Laptops, Mobiles, Wifi), Cloud (Paas, Saas, Iaas) and Big Data (Data Bases, Mails, Images, Social Networks, Analytics). These are the types of challenges that if visualized in an integrated way at the Security level, not only achieve greater availability and tranquility to customers, but more creativity and innovation of projects in companies.
