An event organized by Info Security, asmag.com’s sister media platform, in Taipei on March 9 saw speakers sharing their ideas and views on cybersecurity in the connected age.
It goes without saying that more and more devices, security and non-security alike, are moving toward IP. At the same time, an increasing amount of data, including video footage, is kept in the cloud. Against this backdrop, users must place a stronger attention on cloud security, endpoint security and identity management.
That was the main idea relayed at an event organized by Info Security, asmag.com’s sister media platform, in Taipei on March 9, where speakers shared their ideas and views on cybersecurity in the age of IoT.
Yang Chao-chien, a sales manager with
Trend Micro, said during the keynote that IoT users face an increased threat landscape where attack methods have become more complex. “Especially in the pandemic where more at-home staffers access company assets through VPNs, hackers exploit this situation to hack into company systems. Also, more ransomware attacks have been reported whereby the hacker encrypts user data and asks them to pay a ransom to have the data decrypted. Finally, some hacks have geopolitical ties whereby governments fund hackers to carry out certain tasks,” Yang said.
Cloud security
Yang then went on to talk about cloud, which he said has emerged as an irreversible trend. This is certainly the case with video surveillance as more and more users store their video data in the cloud rather than on-premises. Some, meanwhile, use a
hybrid approach whereby the more critical video is stored on-premises and the less important one in the cloud, or where video is stored on-premises and later pushed to the cloud.
According to Yang, storing data in the cloud, whether in cloud native applications or through a hybrid approach, still has certain risks as hackers are still able to find vulnerabilities at the system, application and network levels. Compliance, meanwhile, has proven to be insufficient in some instances to guard against threats that are evolving constantly. Choosing the right cloud security solution, such as Trend Micro’s own Cloud One solution, then becomes critical. “Many organizations are no longer considering compliance to be the gold standard and recognize that threat and breach vectors are advancing and growing faster than regulations can keep up. Organizations are going beyond the minimally compliant approach and looking for the best cloud security. However, this can be a lot to take on,” Yang said. “Making solutions efficient from a resource and user perspective has allowed us to address the three drivers for cloud security priorities: cloud migration, modern application delivery and cloud operational excellence. We work to ensure that our solutions are optimized for the cloud.”
Endpoint security
IoT endpoints can easily be compromised as well. These endpoints include both security and non-security devices. Security-wise, it’s been reported to great extent that IP cameras or baby cams, some of them poorly protected, have been
breached by hackers who take control of the camera, capture unwanted footage and talk to the user through the device. Then, there are also incidents of hacking against non-security smart home appliances, for example smart thermostats that automatically turn off when the user is not at home. This then gives hackers the chance to burglarize the user’s household.
Endpoint security, then, becomes critical. In their presentation,
Entrust said that a unique, trusted digital credential can play an effective role in this regard. “To securely participate in IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle,” the company said. “Our nShield hardware security modules enable manufacturers to provide each device a unique ID using the strongest cryptographic processing, key protection and key management available.”
Identity management
It goes without saying cyberattacks and intrusion have become more rampant. Making sure whether data is accessed by the right person, then, becomes key. This is where identity management comes in.
One way this is done is through multifactor authentication. In the
physical security sense, it involves authenticating a user by more than one factor, for example through a combination of keyfob, password and biometrics. In logical security, it involves using more than one factor to log the user into the online world. This is especially common in the banking industry. A bank customer wishing to transfer money online, for example, will first enter their password and then get a smartphone SMS code from the bank. “From time to time, the user’s password gets intercepted and deciphered, and the hacker may use it next time fraudulently,” said
Lydsec Digital Technology in their presentation. “By using multifactor authentication, you can reduce fraudulent fund transfers as well as other fraudulent online financial transactions by a significant margin.”
Lydsec introduced their solution during their presentation, a multifactor authentication solution mainly used in the financial industry that allows a combination of factors including password, face, voice and fingerprint.