International regulations are needed to secure internet-connected devices and safeguard smart cities was the message from GISEC 2017
With governments, corporations and individuals increasingly adopting Internet of Things (IoT) technologies in everyday life, global leaders and private sector heavyweights must work together to create international regulations which protect the future of smart cities, Natalya Kaspersky, President of InfoWatch Group, told a government panel discussion on smarter and safer cities at the 4th Gulf Information Security Expo & Conference (GISEC), which ended today.
The globally-renowned cybersecurity expert told the forum that global legislation and regulations are the missing ingredient in helping secure smart devices and substantially reduce the risk of a ‘WannaCry’-style Ransomware attack on crucial infrastructure, such as airport passenger systems.
As development and adoption of IoT tech increases, Kaspersky highlighted the soaring number of devices around the world that remain unsecure, leaving an unprecedented amount of public information vulnerable to attack.
“Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” Kaspersky told the plenary session. “All kinds of systems in a smart city can be exposed to such a collapse.”
Kaspersky reiterated that amid wide-ranging threats in global cyberspace, security experts and smart device manufacturers around the world must collaborate, noting the device makers that don’t always prioritise security.
“If you develop a niche product for a small segment of the IoT security market, there is no chance for you to grow big and truly optimise your monetisation,” said the InfoWatch Group President. “Manufacturers of smart devices first think about product functionality and only then security, whereas security should be the central point of concern – even at the development stage”.
With emerging technology developers often lacking a proper insight into cybersecurity issues, making it more difficult to implement relevant cyber safeguards, Kaspersky called for an international body to implement regulations and shape cybersecurity recommendations both for national governments and globally.
Kaspersky also joined the round-table discussion ‘Government, Business and Society in a New Reality of Digital World’ at GISEC, moderated by Krishna Rajagopal, CEO at AKATI Consulting (Malaysia), to discuss how external and internal enterprise security threats affect the progress of digital society. Fellow participants included Rustem Khairetdinov, CEO at Attack Killer, and Tim Khairetdinov, CTO at Appercut Security.
Citing findings from the InfoWatch Analytical Centre on 2016 data leaks in the Middle East vs. the global security landscape, Kaspersky emphasised the challenge in safeguarding Industrial Internet of Things (IIoT) from attack when all modern cities and enterprises using internet-connected systems are constantly exposed to versatile targeted attacks.
The findings showed that most data leaks in the Middle East were caused by external attacks on enterprise IT infrastructure, while 18% of leaks were insider enabled, compared with the global average of 40%. Personal and financial data were leaked in 90% of cases recorded elsewhere in world, compared with 60% in the Middle East.
“Attack patterns can vary: insider, virus or DDoS attack, even a combination of all of them,” said Kaspersky. “As a rule, when breaking into a particular organisation or website, attackers employ several tactics at once; they assail an enterprise through all internet-connected devices, not only desktops.”