The 2023 SonicWall Cyber Threat Report claims that IoT malware globally was up 37%, resulting in 77.9 million attacks compared to the 57 million attacks during the same period in 2022. The IoT malware attack volume in Asia rose to 23 million, up 130%.
The Nokia 20203 Threat Intelligence Report claims that 60% of attacks against telecom mobile networks are linked to IoT bots scanning for vulnerable hosts for use in distributed denial of service attacks.
Impact of unmonitored technology on security
Many say the weakest link is humans. I'd argue that the IoT devices that have been quietly sitting in the business perimeter present just as big a clear and present danger to consumers and enterprises. This has been repeatedly highlighted in cyberattacks against critical infrastructure.
Steven Scheurmann, regional vice president for ASEAN at Palo Alto Networks, says the escalation of cyberattacks on IoT and OT devices is a significant concern in ASEAN, with 60% of organisations acknowledging increased security risks associated with IoT. He pointed out that Unit 42's IoT Threat Report highlights that 57% of IoT devices are susceptible to medium to high-severity attacks.
He opined that the primary reason behind this trend is the expansion of the attack surface, as hackers exploit unsecured IoT and OT devices newly connected to networks.
“These devices often lack security updates and configurations, making them easy targets. Also, they may store sensitive personal data, making them attractive to hackers, particularly in sectors like healthcare. This evolving threat landscape is deeply concerning.”Steven Scheurmann
The sum of the parts is better
It is widely known that IT teams and those with operational technology oversight have not, traditionally, seen the need to work together. However, recent attacks against critical infrastructure and supply chains suggest that threat actors are looking at multiple channels to penetrate an organisation.
“Across ASEAN and globally, organisations possess a multitude of diverse devices, including traditional endpoints like PCs and smartphones, cloud-based applications, and a mix of on-premises and hybrid cloud systems,” said Scheurmann. “In recent years, this fragmentation has become prevalent, resulting in varied configurations, standards, and compliance measures. This lack of uniformity creates vulnerabilities that attackers exploit.”
He suggested that by integrating IoT and OT under the shared responsibility of IT and security departments, enterprises can establish consistency, standardisation, and compliance, making it more challenging for hackers to breach systems.
“While this transition is positive, there is a learning curve involved, and our role is to educate the market on achieving this level of standardisation,” continued Scheurmann.
Factors driving a convergence of oversight
A report from the Center for Strategic and International Studies (CSIS) in the USA noted that hackers targeted government, military, and civilian networks across the Asia Pacific leveraging malware to obtain confidential information. The malware targeted both the data on victim machines as well as audio captured by infected machines’ microphones.
Scheurmann says securing critical infrastructure, like airports and telecommunications, at the national level is paramount to safeguard citizens in countries like the Philippines, Malaysia, Singapore, and Thailand.
He pointed out that protecting these vital assets is essential to prevent catastrophic disruptions and ensure public safety.
“The supply chain is another critical aspect, with many organisations reliant on interconnected third-party systems. Disrupting the supply chain can affect the delivery of goods and services, impacting everyone,” he added.
He explained that legacy systems pose unique challenges; identifying and managing them is a fundamental step in cybersecurity. “Without visibility, it's impossible to secure these systems effectively. Addressing these issues is complex but essential for comprehensive security,” he elaborated.
Protecting an expanding attack surface
The pandemic has accelerated organisations’ use of connectivity solutions. As enterprises start to connect IoT devices, sensors and instrumentations into the corporate network to acquire real-time visibility of assets or processes may have had the unintended consequence of exposing an organisation to threats previously not thought of by both security and IT teams.
“5G technology presents an incredible opportunity for organisations to scale services dramatically, impacting various sectors such as manufacturing and healthcare. It enables real-time decision-making on production lines and allows doctors to provide remote guidance in critical medical situations,” said Scheurmann.
He pointed out that the challenge lies in the speed at which data is transferred and shared – a breach could result in data being disseminated and compromised within seconds.
“Moreover, the connectivity of critical infrastructure through 5G raises concerns about potential attacks disrupting vital services like transportation and financial markets,” he posited. Despite these risks, he opined, the focus should be on harnessing 5G's benefits through education, preparation, and expert support, ensuring responsible and transformative use.
Expanding the protection envelope
Asked what steps should organisations then take to mitigate cybersecurity risk related to operational technology and IoT? And, more importantly, who should get involved?
Scheurmann believes that bringing OT and IoT devices into the realm of security and business units offers an opportunity to establish standards, governance, and policies. He added that this includes clear procedures, ongoing training and awareness, and a risk mitigation framework to anticipate and respond to incidents effectively.
He explained that visibility and tracking become crucial as more devices connect, ensuring a swift response to potential attacks. Resilience plays a critical role, ensuring systems can recover swiftly in the event of an attack.
“Delays in system restoration can have a significant impact, such as prolonged ATM network outages affecting everyday transactions for millions of people, emphasising the importance of quick recovery in a robust governance framework,” warned Scheurmann.
Predictions and advice for 2024
Recognising that Asia will continue to experience a shortage in skills and expertise, particularly in the areas of cybersecurity, Scheurmann believes that automation is pivotal for IT departments. He explains that automation ensures consistency in compliance, policy enforcement, and standardisation, allowing IT teams to focus on higher-priority tasks.
“For IT leadership, rationalising and consolidating the security stack is essential, given the proliferation of disparate products in response to recent challenges like COVID-19. Streamlining security measures simplifies administration and enhances effectiveness.
“Beyond IT, cybersecurity discussions must become a central boardroom topic, with every organisation recognizing the risk of potential cyberattacks. Leaders should prioritise cybersecurity strategy, investment, and integration into their overall business framework for successful digitisation,” concluded Scheurmann.
Click on the PodChat player to hear in detail Scheurmann’s take on how enterprises in Asia can mitigate OT and IoT cyber risks.
- What is the impact of unmonitored and unsecured IoT devices on a system’s cybersecurity, and why is it one of the biggest cybersecurity challenges across ASEAN?
- Why do the majority of ASEAN organisations (82%) see value in having a common team that looks after IT and OT infrastructure and systems? Is this a good thing or a bad thing?
- What factors are driving organisations’ focus on securing IoT/OT in their future cybersecurity strategies?
- What are the specific cybersecurity concerns related to 5G-connected IoT devices, and how do organisations plan to address them?
- What steps should organisations take to mitigate cybersecurity risks related to OT? Who should get involved?
- Coming into 2024, more devices and sensors will be added to the enterprises. What is your advice for operations, IT and leadership to improve the overall organisational security posture?