Forcepoint's Carl Leonard on IoT and its implementation in the business world
Carl Leonard, Principal Security Analyst at Forcepoint, talks about the Internet of Things and its implementation in the workplace.
Tell us about yourself and your company Forcepoint...
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. The company’s uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.”
In my role of Principal Security Analyst my objectives are to influence research activity within the global Security Labs team to ensure that we publicise the depth of knowledge at our disposal.
I am a contributor/author to annual Threat Reports, Predictions reports, Industry Drill-Down reports and blogs. I am a podcaster and conference speaker having presented at RSA USA, InfoSecurity Europe, eCrime and others. I regularly advise business leaders on how to solve the challenges of current and future threat landscapes.
The report also said that one of the main factors stopping people implementing IoT were security concerns - have you seen evidence of that? And, if so, how can it be combatted?
One of the key barriers to success with the Internet of Things will continue to be security. The race to get products into the market to gain an edge over competitors has seen a proliferation of wireless devices that connect effectively, but are otherwise cheap, small and expendable as they feed data into our digital ecosystem. Ensuring these devices are genuinely secure from cyber threats and vulnerabilities has been an afterthought at best, with many developers dismissing these precautions almost entirely. If the implementation of the IoT is to be a fully functional success, this issue has to be avoided. This can be done in three ways:
• Bring transparency to the standards and protocols that govern how a new technology works so the developers who depend on them can understand where risks reside
• For businesses including new technologies into their supply chain or operations, vulnerability assessments should be best-practice
• Continued sustainment of the Internet-of-Things requires active maintenance rather than deploying and forgetting about any device
Businesses need to appreciate that the wide scale adoption of IoT devices, coupled with these devices often being both easy to access and unmonitored, has made them an attractive target for cybercriminals wishing to hold them to ransom or obtain a long-term, persistent presence on the network. As the number of IoT devices has grown and interconnections have multiplied, so has IoT malware, which nearly doubled from 2015 to 2016.
Going forward, the biggest emerging concern we’re seeing is ‘the disruption of things’. The internet of connected things offers access both to massive amounts of critical data, and to disruptive possibilities. A clear example is connected refrigerated trucks – malware could be used to interfere with a network of these vehicles to raise temperatures, spoil food and disrupt social infrastructure. The option will also be there to build a larger, more powerful ‘botnet of things’ to extract data or demand ransom from targeted victims.
As it stands, we don’t feel that the IoT industry is actively learning from previous security missteps, such as the one stemming from the discovery that smart meters installed by utility companies in Spain could be hacked to under-report energy use. If not appropriately addressed in the near future, this kind of poor protection against tampering could eventually lead to the systematic shut down of power across a wide area. We will then also see integration of a man-in-the-middle (MiTM) attack into an IoT network. As more connected devices, such as home personal assistants, have financial data associated with them, they become more attractive and lucrative targets for attackers.
How important is the Internet of Things to business in the world today?
IoT opens up a world of possibilities to reduce production costs, increase accuracy of monitoring, bring competitiveness to the innovators, and make our lives easier. It is as important as machine learning, automation and the cloud in that it will revolutionise how we do business and how we conduct our daily lives.
What do you think has been the key to the IoT becoming fairly successful?
The key to IoT’s success is cheap devices, ease of roll out, and large choices in the marketplace as vendors compete to be “first to market”. IoT manufacturers don’t have to be “best in market” as they can quickly establish themselves with a strong foothold in the rush to market. Unfortunately this means that security features are often lacking or poorly thought through. Given the importance of IoT devices in handling huge amounts of data and being essential to safe function in industrial settings and in a consumer environment, it is critical to embed security into the devices, their transmission of data, and access to the devices. Unfortunately this is not always top of the list in the purchaser’s buying criteria.
Grupo Espinosa: 70 years of constant evolution
Founded in 1952, Grupo Espinosa has been relentlessly supporting the publishing industry with producing more than 100 million copies every year – whether its books, magazines, catalogues or single-order custom prints. No project is big or small for Grupo Espinosa, as the facility can scale up on demand and their turnaround times are highly competitive. Grupo Espinosa works with on-demand digital press or offset press, in paperback with glued softcover binding, PUR softcover binding, stitched paperback binding, binder’s board, hardcover, saddle stitched, Spiral or Wire-O. Equipped with the experience needed for a product to leave the plant ready for distribution, Grupo Espinosa delivers anywhere inside or outside Mexico. Traditionally starting off as a black and white printing press, Grupo Espinosa has experienced transformation first hand – from colour to digital offset printing. Currently, Grupo Espinosa is also looking at making capital investments into audio books to match with the increasing demand.
So how did a seemingly local operation in Latin America become a world-renowned printing facility trusted by hundreds of clients? As Rogelio Tirado, CFO of Grupo Espinosa for the last six years says “It all comes down to our market experience and our dedication to quality”. With nearly 70 years behind them, and located in Mexico City, Grupo Espinosa has two major locations – one spanning 75,000 square metres and the other about 45,000 square metres. Both locations are controlled by a single ERP (Enterprise Resource Planning) system ensuring speed, consistency and quality of work. Tirado says this isn’t their only competitive advantage. He adds “Our competitive advantage is the relationship we have with customers and the trust they put in us with their intellectual property”. Speaking of trust, global publishing giant Macmillan Education exclusively partners with Grupo Espinosa for their Latin America operations, as part of Macmillan’s decentralized hub strategy. Having a facility that offered the full spectrum of service – from storing digital content to printing and distributing – was one of the major requirements for Macmillan, and Grupo Espinosa was recognized as the leading printing hub for providing this 360 infrastructure. Another factor that has led to success for Grupo Espinosa is the absolute focus on quality and time. The staff are committed to providing the best quality in the best possible time, without causing wastage of resources. Sustainability is a huge factor playing into Grupo Espinosa’s operations, and they’ve created a healthy environment with the sustainable use of paper and energy resources as well as keeping their employees – most of them associated with the organisation for over 10 years – happy. He adds, “In order to be truly successful, you need to be good to the environment, employees, suppliers, and your customers. But most importantly, you need to be sustainable, you need to have proper working conditions, pay proper salaries, proper prices for paper, source the paper from sustainable sources, pay your taxes, basically be a good global corporate citizen and that's probably one of the biggest achievements that we have.”