In this edited interview excerpt from a Nasdaq TradeTalk, Check Point President, Rupal Hollenbeck, discusses the spike in attacks on IoT device networks, how IT leaders and consumers can address the issues, and so much more. Don’t miss this!
Recent data from Check Point indicates a spike in attacks on IoT device networks. What is behind that?
That’s absolutely right. Fifty-four percent of organizations, according to our research, are suffering from cyber attacks caused through IoT devices every week. So here’s the thing — First of all, the IoT threat landscape is ever-expanding. If you think about everything from digital cameras, to doorbells, to appliances and digital assistants, we are increasingly connected. Second, post-pandemic, there’s this huge spike in the hybrid and the remote workforce (and that’s just a reality) while industries are going through a pretty significant digital transformation.
Meanwhile, most devices are actually not secure-by-design. They’re traditional devices that have been in our lives for years. So they’re quite vulnerable and give access to the bad actors, who can then obtain windows into our personal and our professional lives.
The data also indicates that IoT attacks are up 41% since last year. What are some of the factors contributing to this increase?
Well, it is the fact that we have a lot of legacy infrastructure among digital devices, and this is actually pairing with the new digital transformation. Now, let’s apply this to industries. If you think about industries that really focus on citizen-services and that have a lot of access to personal information, you’re talking about industries like education and healthcare, where there’s a whole bunch of very personal information on our private lives that’s shared broadly within those organizations. Keeping that data secure is very important, and they present a lot of vulnerabilities for the bad actors to exploit.
How are cyber criminals targeting these devices?
We have to keep in mind that IoT devices are really nothing more or nothing less than an extension of an organization’s corporate network, but they’re also the most vulnerable.
So, bad actors are really starting with those devices that are the least secured; that are the most-connected, but that are not built by-design for security. And cyber criminals are getting into schools, they’re entering into hospitals and healthcare centers. Think about all of those MRI devices out there. Think about all of those other devices used in the medical industry. These are not built secure-by-design, but increasingly need to be.
What do businesses need to consider before integrating IoT technology into their systems?
Well, we think about cyber security across three super important vectors. First of all, you need to have a comprehensive cyber security solution. So, as I said, IoT devices are simply an extension of a company’s network. So, when you’re thinking about cyber security for your organization, you have to think about IoT devices as well. So, comprehensive is really rule #1.
Rule #2 is really consolidation — Making sure that your solutions are actually working across the entire landscape and catching all bad actors through different entry points. And then, the last part is collaboration. If a bad actor is trying to enter your network through one IoT device and then gets blocked, well, that’s great. But what about all of the other entry points? So, collaboration and communication across these IoT devices is super important.
And the work that we do, with brands around the world, like Clarks, like Thompson Reuters, and like Hallmark, is really thinking about this comprehensive, consolidated and collaborative framework for cyber security. And organizations really need to keep that in mind in order to build the best cyber resilience plans.
And you had mentioned education and healthcare; of course, the two most vulnerable populations. How can consumers protect themselves?
When you’re out there looking for your next IoT device, whether it’s a smart doorbell, whether it’s a digital assistant, think about security first. Think about it at point-of-purchase, not as a layer on top of the purchase…Source your devices with security-in-mind first. Understand how it’s secure, understand how it communicates with other devices in your network, and what happens when and if a bad actor gets through.
Watch the full interview here. For more insights from Check Point President Rupal Hollenbeck, please see CyberTalk.org’s past coverage. Don’t miss out on the latest trends and insights — please subscribe to the CyberTalk.org newsletter.