Relevance of End-to-End Security in an IoT Environment

By Mehul Doshi

With IoT serving as a medium it also brings with it multitudes of possible security issues like that of identity theft, hacking, and cyber threats

The Internet is a vast space filled with networks, local, global, private, and public, connecting devices all over the world, and highly susceptible to attacks. This rapid penetration of the Internet in our lives is leading to a scenario wherein we are digitally connected around the clock, with human beings interacting more and more through machines. With IoT serving as a medium for this, facilitating the communication between man and machines, it also brings with it multitudes of possible security issues like that of identity theft, hacking, and cyber threats.

In 2013, there were 10 bn things connected to the Internet, and it is estimated that the number will reach 40 bn by 2020, bringing with it an evolving threat landscape. Over the years, the BFSI sector in particular has become a target of security breaches with DDoS attacks, mobile platform threats, ATM jackpotting and personal information theft becoming rampant. Anthem, the second-largest health insurer in the US, took a big hit last year when a data security breach led to theft of personal information of 78.7 mn customers, and cost the company over $100 mn.

Here’s how these security breaches can be dealt with:

Fix the loopholes within the business: In this past year itself, over 93% of the large corporations have faced major cyber breaches. Even the small businesses are no longer safe as it affects the business. No one would be confident about investing in a business that has been hacked or faces a similar threat. The first and foremost pre-requisite is having skilled security specialists who can aptly isolate the threats and prevent it. This is imperative as on a normal basis it can take a business roughly 9 months to identify the vulnerabilities. Given the fact that BFSI is a burgeoning sector, there is a major hindrance in terms of outdated technology. Especially in India, there is a hesitation towards adoption of new technology.

All-round stock of information: One of the main reasons why it may take an organization a long time to identify a security breach could be because of ambiguity in terms of how vast the stored information is. A crucial step towards this direction can be taken by measuring the extent of information an organization has, and categorise it with regards to its history and sensitivity. Once the filtration is done, it can be further be scaled down by the degree of importance, retaining only what’s important, rather than hoarding anything and everything. Lesser the amount of information stored, lesser the degree of vulnerability.

End user security: Investing in end user security training can be fruitful for a business as it will not only limit instances that could lead to a breach but also instil a sense of alertness in the employees towards spotting odd or malicious behaviour. It will bring in a security minded environment. Over and above this, having a security plan in place will prove invaluable. In case of a breach, the organization will be able to contain it effectively and come up with swift solutions. The advancements in technology has facilitated the influx of digital records, making physical records defunct. Such a scenario further re-affirms the importance of extensive password protection for all things involved.

The time has passed when cyber security was the lone headache of just the IT department, it equally affects all branches of an organization. By starting a practice of using highly secure authentication, not only can the number of breaches be reduced but it will also cut down the losses incurred by the company due to breaches.

Mehul Doshi

(The author is Country Head of Technology, Server, Storage CCD & Datacenter Solutions, Fujitsu India)

vndedit@cybermedia.co.in