Forcepoint's Carl Leonard on IoT and its implementation in the business world
Carl Leonard, Principal Security Analyst at Forcepoint, talks about the Internet of Things and its implementation in the workplace.
Tell us about yourself and your company Forcepoint...
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. The company’s uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.
In my role of Principal Security Analyst my objectives are to influence research activity within the global Security Labs team to ensure that we publicise the depth of knowledge at our disposal.
I am a contributor/author to annual Threat Reports, Predictions reports, Industry Drill-Down reports and blogs. I am a podcaster and conference speaker having presented at RSA USA, InfoSecurity Europe, eCrime and others. I regularly advise business leaders on how to solve the challenges of current and future threat landscapes.
The report also said that one of the main factors stopping people implementing IoT was security concerns - have you seen evidence of that? And, if so, how can it be combatted?
One of the key barriers to success with the Internet of Things will continue to be security. The race to get products into the market to gain an edge over competitors has seen a proliferation of wireless devices that connect effectively, but are otherwise cheap, small and expendable as they feed data into our digital ecosystem. Ensuring these devices are genuinely secure from cyber threats and vulnerabilities has been an afterthought at best, with many developers dismissing these precautions almost entirely. If the implementation of the IoT is to be a fully functional success, this issue has to be avoided. This can be done in three ways:
• Bring transparency to the standards and protocols that govern how a new technology works so the developers who depend on them can understand where risks reside
• For businesses including new technologies into their supply chain or operations, vulnerability assessments should be best-practice
• Continued sustainment of the Internet-of-Things requires active maintenance rather than deploying and forgetting about any device
Businesses need to appreciate that the wide scale adoption of IoT devices, coupled with these devices often being both easy to access and unmonitored, has made them an attractive target for cybercriminals wishing to hold them to ransom or obtain a long-term, persistent presence on the network. As the number of IoT devices has grown and interconnections have multiplied, so has IoT malware, which nearly doubled from 2015 to 2016.
Going forward, the biggest emerging concern we’re seeing is ‘the disruption of things’. The internet of connected things offers access both to massive amounts of critical data, and to disruptive possibilities. A clear example is connected refrigerated trucks – malware could be used to interfere with a network of these vehicles to raise temperatures, spoil food and disrupt social infrastructure. The option will also be there to build a larger, more powerful ‘botnet of things’ to extract data or demand ransom from targeted victims.
As it stands, we don’t feel that the IoT industry is actively learning from previous security missteps, such as the one stemming from the discovery that smart meters installed by utility companies in Spain could be hacked to under-report energy use. If not appropriately addressed in the near future, this kind of poor protection against tampering could eventually lead to the systematic shutdown of power across a wide area. We will then also see integration of a man-in-the-middle (MiTM) attack into an IoT network. As more connected devices, such as home personal assistants, have financial data associated with them, they become more attractive and lucrative targets for attackers.
How important is the Internet of Things to business in the world today?
IoT opens up a world of possibilities to reduce production costs, increase accuracy of monitoring, bring competitiveness to the innovators, and make our lives easier. It is as important as machine learning, automation and the cloud in that it will revolutionise how we do business and how we conduct our daily lives.
What do you think has been the key to the IoT becoming fairly successful?
The key to IoT’s success is cheap devices, ease of roll out, and large choices in the marketplace as vendors compete to be “first to market”. IoT manufacturers don’t have to be “best in market” as they can quickly establish themselves with a strong foothold in the rush to market. Unfortunately this means that security features are often lacking or poorly thought through. Given the importance of IoT devices in handling huge amounts of data and being essential to safe function in industrial settings and in a consumer environment, it is critical to embed security into the devices, their transmission of data, and access to the devices. Unfortunately this is not always top of the list in the purchaser’s buying criteria.