Where do we go from here?
Let me grab my crystal ball, dig my Tarot deck out of the box, consult the I Ching and make an attempt to answer this week’s topic:
The Future of Connected Devices.
At the end of 2020, the Internet of Things (IoT) is expected to number 31 billion devices. By 2030, the IoT is expected to be 125 billion devices. During the Cold War, NATO claimed to be heavily outnumbered by the Warsaw Pact. NATO tankers said they expected to fight in a “target rich” environment. With the dramatic increase in connected devices, the criminal element will be operating in a very target rich environment.
Not only will there be more devices, there will be new devices to attack. Besides devices such as computers, smart phones, gaming machines, the IoT, and the Internet of Medical Things, there is now the Internet of Nano Things (IoNT). Nano-things are devices in the range of .1 to 100 nanometers, with a nanometer being one-billionth of a meter. Nano devices are primarily sensors. Users of the IoNT include the military and health care. Nano devices are too small and memory is too limited for the use of encryption. This creates privacy issues in the health care field and security issues with the military.
Illicit actors are creative. Attackers will find new attack vectors. Hackers have found a way to send phishing e-mail as replies to legitimate e-mail.
Hackers will Continue to Find New Avenues of Attack.
People are now working and going to school from home. As people move out of the office, they are moving out of the city, and out of the state. Work From Home (WFH) has no distance limitation. WFH employees will soon realize they don’t even need to be in the country. That beach house in low tax Bahamas could become a viable option. WFH doesn’t even need a fixed address. It would be possible to live and work on a sailboat, sailing the islands and countries of the Caribbean. While some of these scenarios sound inviting, some locations may have less than dependable connectivity and communications security is an issue.
The home is now a business network, secured with home grade security systems. Working remotely will require business grade secure communication on home systems. Working from a non-fixed address (e.g. sailboat), out of the country, or both, will add complications.
Cybersecurity is a game of Whack-a-Mole. Hackers come up with an attack method; cybersecurity whacks it. Another cyber-mole pops up; cybersecurity whacks that. In the future, we will need to deal with a large number of cyber-moles. As the threat environment evolves, we will be confronted with cyber-gophers, cyber-gerbils, and a host of other cyber-rodents.
How will we Contend with All of these Cyber-Rodents?
- Some defense strategies will be similar to present methods.
- Users are the major threat on any network.
- With the use of the business network by the family and the increase in connected devices, this threat will increase.
- Employers will need to implement family friendly security training.
When you connect to an Internet Service Provider (ISP) at home, you are provided a router. The ISP router will connect your house to the internet and assign IP addresses. While this may be adequate for sending e-mail and watching movies, it is not sufficient for the business environment. Businesses need to protect proprietary information. There are also government privacy laws and regulations. Businesses will need to require routers with increased cybersecurity capability for those who work from home. There are home and home-office routers with built-in VPN, anti-virus, anti-DoS protection, firewalls, and similar capabilities. However, there don’t seem to be routers with all of the desired security capability. Businesses will need to decide on a system which meets minimum requirements and then make the device available for WFH employees. Router manufacturers also need to produce products with increased capabilities.
When you log on to a computer, you use something you know, something you have, or something you are. Each of these types of log-on is called a factor. Logging on with a user name and password is something you know. Logging on with a thumbprint is something you are, and a Common Access Card (CAC) is something you have. The Federal government has required two-factor authentication for log-on (user name/password and CAC) for over a decade. More and more commercial firms require two-factor authentication. The Dutch bank, RegioBank, issues a red security token which is required in order to log on to your bank account. There are apps that turn your phone into a security token. Two-factor authentication will need to be a requirement for WFH employees.
If you send a signal, someone is listening. WFH employees will need to secure business communications. We can’t prevent someone from listening; we can make it difficult to read what we send. IPsec VPN is an option at the present time. There may be additional options in the future. Businesses must establish an encryption communications standard and require that WFH employees adhere to the standard.
All Connected Devices Need to have
All systems, to include infrastructure devices such as routers, need to keep system and applications software up to date. It is not realistic to expect a Human Resources employee sitting on the beach in Zanzibar to keep systems updated. Enterprises will need to implement Remote Device Management. Devices can be managed remotely, using a combination of automated and manual methods, so the Human Resources employee can go back to enjoying the sunset.
There are predators lurking in the internet. In the future, the increase in connected devices will give cyber-predators more opportunity to take down cyber-prey. We need to be vigilant in order not to become the next cyber-lunch.
The increase in WFH also presents the option of having a lucrative occupation while living in the Idaho panhandle. A high-paying position no longer requires living in an over-crowded city with high rents, high taxes, high traffic, and long commute times.
The cybersecurity future is scary. There are also exciting opportunities.
Do Your Part. #BeCyberSmart