The company plans to set up a research and development facility as well as the US’ first lithium titanate battery facility in Kentucky
Cybersecurity can cause organizational migraines. In 2016, breaches costbusinesses nearly $4 billion and exposed an average of 24,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018. Even Congress is acting more quickly to pass laws that will — hopefully — improve the situation.
Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing by orders of magnitude, with Gartner predicting there will be 20 billion in use by 2020. Traditional security solutions will not be effective in addressing these devices or in protecting them from hackers, which should be a red flag, as attacks on IoT devices were up 280% in the first part of 2017. In fact, Gartner anticipates a third of all attacks will target shadow IT and IoT by 2020.
This new threat landscape is changing the security game. Executives who are preparing to handle future cybersecurity challenges with the same mindset and tools that they’ve been using all along are setting themselves up for continued failure.
There is much debate over the effectiveness of security and awareness training, centered on competing beliefs that humans can either be the most effective or weakest links in security chains. It can’t be denied, however, that in the age of increased social-engineering attacks and unmanaged device usage, reliance on a human-based strategy is questionable at best. This assertion is further substantiated when you consider recent reports put out by security providers like PhishMe showing that 80% of employees who’ve completed training are still susceptible to being phished.
It only took one click on a link that led to the download of malware strains like WannaCry and Petya to set off cascading, global cybersecurity events. This alone should be taken as absolute proof that humans will always represent the soft underbelly of corporate defenses.
Today, connected devices are being used by employees to drive bottom-line activity. Their utility and convenience are giving IoT devices a foothold in the enterprise — in corporate offices, hospitals, power plants, manufacturing facilities and more. We recently found that 82 percent of our enterprise customers have Amazon Echos in use, which are almost always in an executive’s office. These devices, designed to listen and transmit information, may lead to increased productivity, but they also introduce unquantifiable risks. Our own research recently demonstrated that the Amazon Echo is susceptible to airborne attacks. Amazon has patched the vulnerabilities, but this finding demonstrates how easily a compromised device can lead to the leak of confidential information.
Connected devices are proliferating at a rate IT departments and security teams can’t keep up with. They are manufactured with little oversight or regulatory control, and are all Wi-Fi- and Bluetooth-enabled; designed to to connect immediately. They are introduced into corporate environments by individual users who have no real security knowledge or expertise, which is a risk. Users may have productivity goals in mind, but there is simply no way you can rely on employees to use them within acceptable security guidelines. IoT training and awareness programs certainly will not do anything to help, so what’s the answer?
It is time to relieve your people (employees, partners, customers, etc.) of the cybersecurity burden. It may be prudent, and required, for you to continue with awareness programs, but you will have to rely more on intelligent technologies and automation if you hope to have any chance at success.
Removing the human risk means repositioning the way you think of the relationship between employees, connected devices, and overall corporate cyber defenses. You must accept that IoT and other security issues aren’t user interaction problems; they’re device and system interaction problems. The highly connected nature of IoT devices means that they’re constantly in communication, capable of spreading malware, and capable of leaping from system to system with no human interaction — all beyond the reach of current security solutions. Security threats are stacking up against your people at work: employees are still falling victim to automated phishing emails and organizations with ample security analysts simply can’t manage the volume of vulnerabilities present in new connected devices and software. And, new IoT attack vectors like BlueBorne and KRACK that work around humans to infect devices and networks are popping up faster than they can be addressed.
To manage security today, your systems must be intelligent and able to work without human supervision, knowing when and how to take proactive or defensive action.
When it comes to connected devices, the massive numbers that will be in use in businesses make it impossible for people on their own, or for understaffed IT and security teams, to manually identify and stop risky activity. To identify devices and behavior patterns that represent a threat, your IoT security system must be intelligent enough to spot all connected devices and the vulnerabilities they introduce, approve and deny access to networks, and learn from constantly evolving conditions to become more effective over time.
View all SMART GRID Bulletins click here