Forcepoint's Carl Leonard on IoT and its implementation in the business world
Carl Leonard, Principal Security Analyst at Forcepoint, talks about the Internet of Things and its implementation in the workplace.
Tell us about yourself and your company Forcepoint...
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. The company’s uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.”
In my role of Principal Security Analyst my objectives are to influence research activity within the global Security Labs team to ensure that we publicise the depth of knowledge at our disposal.
I am a contributor/author to annual Threat Reports, Predictions reports, Industry Drill-Down reports and blogs. I am a podcaster and conference speaker having presented at RSA USA, InfoSecurity Europe, eCrime and others. I regularly advise business leaders on how to solve the challenges of current and future threat landscapes.
The report also said that one of the main factors stopping people implementing IoT were security concerns - have you seen evidence of that? And, if so, how can it be combatted?
One of the key barriers to success with the Internet of Things will continue to be security. The race to get products into the market to gain an edge over competitors has seen a proliferation of wireless devices that connect effectively, but are otherwise cheap, small and expendable as they feed data into our digital ecosystem. Ensuring these devices are genuinely secure from cyber threats and vulnerabilities has been an afterthought at best, with many developers dismissing these precautions almost entirely. If the implementation of the IoT is to be a fully functional success, this issue has to be avoided. This can be done in three ways:
• Bring transparency to the standards and protocols that govern how a new technology works so the developers who depend on them can understand where risks reside
• For businesses including new technologies into their supply chain or operations, vulnerability assessments should be best-practice
• Continued sustainment of the Internet-of-Things requires active maintenance rather than deploying and forgetting about any device
Businesses need to appreciate that the wide scale adoption of IoT devices, coupled with these devices often being both easy to access and unmonitored, has made them an attractive target for cybercriminals wishing to hold them to ransom or obtain a long-term, persistent presence on the network. As the number of IoT devices has grown and interconnections have multiplied, so has IoT malware, which nearly doubled from 2015 to 2016.
Going forward, the biggest emerging concern we’re seeing is ‘the disruption of things’. The internet of connected things offers access both to massive amounts of critical data, and to disruptive possibilities. A clear example is connected refrigerated trucks – malware could be used to interfere with a network of these vehicles to raise temperatures, spoil food and disrupt social infrastructure. The option will also be there to build a larger, more powerful ‘botnet of things’ to extract data or demand ransom from targeted victims.
As it stands, we don’t feel that the IoT industry is actively learning from previous security missteps, such as the one stemming from the discovery that smart meters installed by utility companies in Spain could be hacked to under-report energy use. If not appropriately addressed in the near future, this kind of poor protection against tampering could eventually lead to the systematic shut down of power across a wide area. We will then also see integration of a man-in-the-middle (MiTM) attack into an IoT network. As more connected devices, such as home personal assistants, have financial data associated with them, they become more attractive and lucrative targets for attackers.
How important is the Internet of Things to business in the world today?
IoT opens up a world of possibilities to reduce production costs, increase accuracy of monitoring, bring competitiveness to the innovators, and make our lives easier. It is as important as machine learning, automation and the cloud in that it will revolutionise how we do business and how we conduct our daily lives.
What do you think has been the key to the IoT becoming fairly successful?
The key to IoT’s success is cheap devices, ease of roll out, and large choices in the marketplace as vendors compete to be “first to market”. IoT manufacturers don’t have to be “best in market” as they can quickly establish themselves with a strong foothold in the rush to market. Unfortunately this means that security features are often lacking or poorly thought through. Given the importance of IoT devices in handling huge amounts of data and being essential to safe function in industrial settings and in a consumer environment, it is critical to embed security into the devices, their transmission of data, and access to the devices. Unfortunately this is not always top of the list in the purchaser’s buying criteria.
Mambu and the UAE’s digital banking journey
Miljan Stamenkovic enjoys the dynamic and constantly evolving world of fintech banking. In his current role as General Manager for MENA for Mambu, Stamenkovic sees opportunity in abundance.
“When I joined Mambu with my team in 2019, we came with the fintech, entrepreneurial mindset and DNA to build and grow Mambu’s business in the MENA (Middle East and North Africa) region. Before 2019, the region used to remind me of a desert, at least in terms of cloud service providers and cloud adoption. But this past year has been a wave of progress.” In November 2020, Mambu opened a new office in Abu Dhabi Global Market, as the region has quickly become a key market for Mambu.
He explains, “There are data protection laws. There are cybersecurity regulations and most importantly, a variety of major tier one cloud service providers that are available. But what particularly excites me here at Mambu is the opportunity to rethink business models together with our clients and really bring them to life. This is where I saw a great fit with Mambu and its composable philosophy.”
Creating a neobank and challenger bank ecosystem has been his ultimate goal. “In my opinion, this actually creates a unique opportunity to partner with some of the best fintechs in the region and build the region’s first and true challenger and neobanks.”
Stamenkovic credits Mambu’s partnership with Banque Saudi Fransi (BSF) for the success that has driven the bank forward in the region. “When I think about all the challenger and neobanks that have grown massively over the past decade,there is one common denominator for all these new initiatives. I would say they really operate like a tech company rather than a bank. - BSF is leading this approach in Saudi Arabia.”
He continues, “This brings a competitive advantage for tech companies. These platforms are each managed individually but can be swapped in and out. And when put together, they actually form the backbone of a company's technology capability. This is why tech companies and banks like BSF actually can get products to the market a hundred times faster than their more incumbent peers.”
The implementation, he stresses, is an evolving process, where each component is trialled and checked and swapped in and out according to its effectiveness. But it’s down to the dynamism of the team on the project to initiate these changes. “As critical as technology is to digital transformation, the DNA of people working on these initiatives is the key to success. At BSF they have a true startup and entrepreneurial mentality.”
He explains that Mambu is helping BSF deliver an entire new banking experience while providing soft core banking services hosted, in this case in Saudi Arabia. “Mambu sits at the heart of BSF's new challenger bank and its technology stack. So, this actually enables BSF to take an entirely cloud native approach, having Mambu at the centre of its ‘Digital Engine’.”
Stamenkovic points out, “Mambu enables banking like a modern tech company. Banks used to be built to last, but today they need to be built to change. And that's what we're enabling here.”