The old saying “the only constant is change” couldn’t be truer when talking about technological progress. A raft of technologies is now opening new possibilities for businesses, while also making their mark on how we go about our lives at a more personal level.
Here, we look at Internet of Things (IoT), Augmented Reality (AR), 5G, drones and Artificial Intelligence (AI), while highlighting pertinent security implications worth bearing in mind.
Internet of Things: Connectivity brings additional risk
Globally, IDC estimates that there will be 41.6 billion connected IoT devices, generating 79.4 zettabytes of data by 2025. Asia Pacific is leading the way in IoT adoption, with spending in the region expected to reach US$398.6 billion by 2023.
Governments in the region have actively promoted its adoption across diverse industries including transportation, manufacturing, healthcare and retail.
IoT devices are typically able to collect, send and act on data acquired via embedded sensors, processors and communications hardware. As a result of their inherently connected nature, such devices have been receiving much attention due to concerns around the limited security typically provided.
Looking at the healthcare industry specifically, glucose monitors, medication dispensers and insulin pumps are all examples of IoT devices in use, with reports of the latter recently being recalled due to vulnerabilities identified within the product. This is particularly concerning as such incidents can directly affect patients’ well-being.
Securing IoT devices within an organisational environment has been challenging to date, partly due to the reliance on traditional security controls which provide only limited effectiveness. Security strategies need to evolve in line with the underlying technology, necessitating a combination of both traditional and newer controls in order to address the concerns posed by such devices.
Augmented Reality: Have we learned from past experiences?
The introduction of AR will herald in major opportunities for organisations to improve business functions such as operations and customer experience. Expected to reach mainstream adoption by 2020, a pre-emptive approach to securing such technologies is recommended. While AR offers many competitive advantages for businesses, it also allows cybercriminals to create new attacks that are significantly different from those we have become accustomed to.
It would be prudent for AR developers to heed the lessons that followed the introduction of IoT. These devices have earned a reputation for being difficult to patch – a very real concern given the number of vulnerabilities being discovered.
Vendors would be well advised to build security into the product development process, rather than reacting to incidents after they occur.
5G: Data volumes set to skyrocket
Mobile network operators are laying the foundations for 5G services, with some committed to commercial launches by the end of the year. 5G networks will facilitate new kinds of applications, allowing users to connect more devices to the network and each other, while at the same time encouraging them to capture and share more of their personal data.
The amount of data being collected is one of the defining characteristics of these new networks, accelerated by the sheer number of connected devices and the countless sensors involved. The smartphone will become a super-connected hub for other personal devices.
eHealth applications will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. The end result is an avalanche of personal data.
Many security experts cite user privacy as the biggest challenge facing 5G networks. Multiple stakeholders will need to work together in order to address these concerns. This will entail industry bodies, network vendors and government agencies forming guidelines and regulations in an effort to keep communications, data and privacy secure.
Drones: Flying under the radar
Drones represent a unique breed of threat. Their freedom of movement allows them to gain physical access to areas that were once off limits. They have raised concerns by flying illegally around airports, government sites and other restricted areas, often capturing photographs and video footage.
By combining these capabilities with existing attack vectors, they can be a surprisingly effective tool for both reconnaissance and infiltration purposes.
Low cost and easy to use, drones are able to carry out surveillance, capture data and disrupt networks. In response, professional services are being built up specifically around drone security and assisting organisations with mitigating associated risks.
A lack of awareness around the threats posed by drones is currently the main obstacle preventing more from being done. This situation will likely improve in line with additional media coverage.
In November 2018, Check Point researchers uncovered potential vulnerabilities in the online forum hosted by DJI, a market leading drone vendor, that if exploited, would grant an attacker access to information generated during flights.
Artificial Intelligence: Early signs are positive
One of the challenges with traditional security tools is in the administrative overhead required for both deployment and administration. Policies need to be created, maintenance performed, and alerts responded to.
This is one area where AI is poised to bring significant benefits. Many are envisioning a future where smart tools not only automate manually intensive functions, but also use insights gathered to highlight findings a human operator may have otherwise missed.
While security teams are already beginning to leverage such capabilities, adversaries are also employing AI-powered tools to launch increasingly sophisticated attacks. For example, using machine learning technology, cybercriminals are able to craft more convincing messages as part of a phishing campaign.
The writing style and content can be tailored specifically to each victim, increasing the likelihood that each message delivered will achieve its objective.
Despite the optimistic outlook for AI, organisations are well advised not to abandon traditional security controls any time soon. Experts recommend selectively adopting AI solutions to supplement existing protections as a best practice for now.
While it’s clear to see that each of the developments discussed above bring significant benefits to both businesses and individuals alike, a number of risks do need to be considered. With each disruptive technology that enters the marketplace, security is often overlooked in favour of an expedited product launch.
Heeding the lessons learned from past technology shifts such as mobile and cloud computing will allow early adopters to reduce the likelihood that those investments don’t result in unexpected surprises.