04 Mar Malaysian organisations should urgently address IoT security: new survey
A new Intel Security study shows that IoT (Internet of Things) security is not yet enough of a priority for Malaysia and other Southeast Asian countries.
Intel Security’s South East Asia managing director Craig Nielsen unveiled findings of the survey, which examined Southeast Asian IT leaders’ outlook towards the Internet of Things (IoT) and its impact on the security strategy of the businesses.
Set to be the next disruptive technology with the broadest economic impact globally, IoT has the potential to be worth an estimated US$36 trillion in operating costs, said Nielsen.
In addition, while IDC projects the Asia Pacific IoT market size will grow to US$862 billion in 2020, Intel Security foresees growing vulnerabilities from DDoS attacks and spammed devices will open up new possibilities for hackers and cybercriminals.
Given this scenario, he said the survey findings come across as surprising at a time when Southeast Asia is being considered the biggest penetration market for IoT devices globally.
As an example, when asked about their preferred solutions to improve their organisations’ security levels in an IoT implementation, Nielsen noted that IT leaders from almost all countries held that advanced security technologies were the most important.
Other preferred solutions included driving better employee security awareness, setting up IT steering committees and increasing security staff.
Speaking of the Malaysia findings, Nielsen said 54 percent of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.
In addition, 36 percent of IT leaders believed better detection tools would do the most to improve the efficiency and effectiveness of their staff towards IoT security. This referred to both static and dynamic analysis tools along with cloud-based threat intelligence to analyse files to gauge whether they are benign or malicious.
Also, 24 percent believed better analysis tools would help while 14 percent believe more training around managing incidence response issues over multiple networks is needed.
The survey was conducted in Singapore, Malaysia, Thailand, Indonesia and Philippines, with analysis from key players in IT organisations from CEOs to developers to system administrators. A total of 1,953 persons responded to the survey.
Of the countries surveyed, Thailand ranked lowest in its IoT security awareness with only 39 percent of IT leaders recognising the need for enhancements to be made to their security controls to secure their IoT while Philippines ranked highest as the most aware at 53 percent. Singapore, the country with the highest mobile penetration globally, stood at 42 percent, while Malaysia and Indonesia stood at 46 percent and 40 percent respectively.
“Security is an important aspect of IoT that needs to be addressed urgently,” said Nielsen. “Intel Security predicts that these systems will reach substantial enough penetration levels that they will attract attackers. With the evolving threat landscape, security needs to cut across the entire IoT spectrum, whether it is protecting devices, putting in access control measures, writing security codes, or looking at security from a policy perspective.”
He said while there were significant economic benefits to collecting and opening up data for sharing, there was also the danger of data being misused.
While improved architecture is vital, the efficiency and effectiveness of organisations’ education programmes in ensuring their employees adhere to security policies is equally significant to ensure maximum safety, he added.
In the near to midterm, Nielsen said Intel Security recommended adopting a holistic approach to security involving technologies as well as user education.
To effectively secure these IP connected devices, security needed be part of the design and not an afterthought, which advised that organisations need to adopt a comprehensive IoT strategy that includes:
– A secure and holistic solution for information-rich environments across multiple environments and devices
– Assurance that devices are operating as intended by the manufacturer and have not been corrupted
– Life cycle security across the device, network, and data centre
– Support for industry standards and device interoperability
– Ability to solve Information Technology/Cloud services challenges in connecting legacy and new systems to new and future services
– Technology to assure individual privacy
“Effective static and dynamic analysis tools, along with cloud-based threat intelligence, are key to analysing files to gauge whether they are benign or malicious,” he said. “Intel Security believes that technology vendors and vertical solution providers will need to work cohesively to establish user safety guidance and industry best practices, as well as build security controls into device architectures wherever appropriate.”
Source: MIS Asia