IoT.nxt sees the key to true data security lying in our Raptor technology, which doesn’t run on an operating system. A business using an edge gateway that runs on an operating system could potentially be vulnerable to attacks like WannaCry.
This is why it is key to control the gateway layer and limit the operating system and vulnerabilities at this point said IoT.nxt CTO, Bertus Jacobs. “Wherever possible, edge gateways running on operating systems should be avoided.”
WannaCry, WannaCrypt, WannaCryptor or Wcry – call it what you want, just make sure you take notice of it.
On May 12, IT and Security teams around the world were scrambling to make sure they were armed and ready to protect their organisations from the attack.
The WannaCry Timeline
- Hacker crew Shadow Brokers dumped a database of vulnerabilities believed to belong to the NSA into the public domain.
- It is believed that an exploit of Microsoft Windows called EternalBlue was used as a method for spreading a variation of ransomware called WannaCry globally.
- 200,000 systems are held hostage, pending the payment of a $300 bitcoin demand.
- Companies like FedEx and the UK NHS go down as security teams work feverishly to install patches, unplugging entire networks.
- Installation of patches results in an estimated US$700 million loss in turnover.
- Microsoft President and CLO, Brad Smith, writes in a blog post: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. This attach provides yet another example of why stockpiling of vulnerabilities by governments is such a problem.”
All this talk of network vulnerabilities no doubt raises questions in the minds of anyone considering the adoption of IoT technology.
On the back of increased applications of IoT in smart cities, Harvard Business Review’s Todd Thibodeaux published an article in April that highlighted risks, detailing a ‘what if’ scenario in which hackers take control of an entire city, from security systems to critical infrastructure. He goes on to mention that in 2015 alone, the number of attacks on critical infrastructure in the USA jumped up to almost 300. Whilst the benefits of interconnectivity are obvious, businesses, and cities, have to negate risks to ensure the security of data, and subsequent deployment of behaviour-altering changes.
“The security industry really hasn’t done a good job at protecting our devices and servers and now we think it’s a good idea to connect really insecure devices at a massive scale.” Vera Sell, VP of Marketing, Senrio.
Much like in the physical world, it is futile to attempt to security individual items. You wouldn’t secure each element of your household, but rather your house, so why do the same within an IoT-enabled business.
“IoT devices should be placed within the boundaries of protected network environments. While every IoT device will never be secure, the associated risks are well contained so long as the perimeter of each machine network is secure. To provide an analogy, my keys are not secure if I leave them on the table at Starbucks — but if I place them on a desk at the safety of my home, the situation changes completely.”
“I believe that the future of IoT security lies in programmable networks and the service providers that operate them for us.” – Juha Holkkola, Co-Founder and Chief Technologist at FusionLayer Inc.