By A.R. Guess
According to a recent press release, “Today, Lenovo Data Center Group (DCG) expands its portfolio of IT infrastructure solutions. As companies implement Internet of Things (IoT) solutions and 5G technologies, an increase in connected devices drives an explosion of data created, analyzed, stored and managed from the edge to the core. For enterprises building end-to-end […]
The post Lenovo Delivers Smarter Edge to Cloud Infrastructure Solutions to Unlock Data Insights appeared first on DATAVERSITY.
Read more here:: www.dataversity.net/feed/
In this brand new Quickfire interview, Marco Bijvelds, Senior Vice President EAP at Kore Wireless, tells Jeremy Cowan, editorial director of IoT Now, what the key drivers and primary use cases for electronic Subscriber Identity Modules (eSIMs) are and if there are foreseeable challenges with security.
The post eSIM takes device and application security to another level appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/
Intelligent living happens when smart devices, software and services work together seamlessly to form an ecosystem that surrounds us. Its aim, says Olivier Dobo, marketing director of HONOR UK, is to help people live life more efficiently and effectively, so that they can focus on what truly matters. Our new report, Intelligent Living in Europe, prepared with Canalys, forecasts that
The post How smart devices will transform the next generation’s daily life appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/
By A.R. Guess
According to a recent press release, “NetFoundry, a leader in zero trust networking, today announced a new embedded networking solution within Microsoft Azure Edge Zones. Our integration will allow businesses to easily and securely tap into the power of edge compute and optional private 5G for use cases, including industrial IoT, near-real time video processing, […]
The post NetFoundry Simplifies IoT Edge Compute and Private 5G appeared first on DATAVERSITY.
Read more here:: www.dataversity.net/feed/
Reading up on COVID-19 and Zoom/Boris Johnson outcry yesterday, an analogy struck me between the two: the lack of testing. In both cases, to truly know how safe and secure we are, testing needs to be stepped up considerably. This post focuses on cybersecurity.
Over the past days and weeks, more and more organisations have switched to digital products and services to sustain working from home, to keep productivity up and to be connected. Our dependency on the Internet has become even larger, with perhaps one large difference: more people are actively aware of their dependency and not as something they see as normal without thinking about it. Let’s not forget that by far, most people have slipped into the digital age, without comprehending the implications. Let alone how it works. With this newly found realisation, this is the time to act where cybersecurity improvements are concerned. First, let me give a few examples of how we slipped into the digital age.
How we moved onto the internet
Over the past years, we all have started to use products and services we do not truly understand, nor do we have an overview of the implications coming with the use of these products. This goes for apps that transgress every basic rule of privacy without any hindrance, but also for government organisations using cloud services in the U.S.. We use Google, Facebook, Whatsapp, etc. multiple times daily without being aware that we are the product, “the user,” of these companies. Energy companies connecting a nuclear reactor to the Internet as running maintenance from home, if necessary, is so easy. Or, a machine in a factory that is directly connected to the manufacturer for maintenance without built in security. And what about all those connecting devices entering our home without basic security installed. Etc., etc., etc. All were decisions with large implications, usually made without security in mind, not offered, not asked for, not (fully) understood. Let’s make it more tangible.
On Wednesday 31 March, Boris Johnson, U.K. prime minister, posted a photo online, showing his cabinet’s video conference, giving away a load of data about his workplace, gear and even his unique username to the Zoom application the U.K. cabinet used for the conference. Twitter sort of exploded because of it, and yes, the lack of understanding in the PMs office is extremely disconcerting, but a part of the Twitter explosion focused on the program used. Zoom is an application that is used all over the world for video conferencing, one of many. What was pointed out yesterday, at a time that almost every organisation depends on video conferencing, that Zoom is not as secure as it advertises. Many people pointed out that Zoom blatantly lies about its level of security on offer.
And here is where I am coming to my point that we need to test, test, test. An important question ought to be: Why did some people only bother to test the service now and not last year or the year before? Can you tell me whether any of the other services are better? I can’t.
Responsibility for a secure internet
The world fully depends on ICT products and services, something that today is more clear than ever. It also means that the products and services need to become more secure. 100% Security is something no one can offer. Avoidable mistakes, though, should no longer be acceptable when a product or service enters the marketplace. Not in a product connecting to the Internet, not in software and not in online services and hosting. If the current crisis shows us anything, it is the responsibility the internet market has where the world’s security is concerned.
Making the Internet more secure
This can easily be improved if, during the production phase, testing becomes a prerequisite. For everything already on the market, it is quite clear that the status quo is that a company awaits an alert or a breach before taking action to amend the flaw in its product, if even then. To become safer, there are three ways forward:
- New products are made by new rules assuring a higher level of quality and security;
White hat testing – I would like to focus on the last two. Mark Goodman proposed in his book ‘Future Crimes’ to create a worldwide pool of white hat hackers who test products and alert a company or a central agency on discovered flaws that are then repaired and updated. One thing is certain, the “bad guys” test products 24/7 in search of flaws and use them for their own nefarious purposes. So why don’t the “good guys” do this in an organised way? Yes, this is a challenge to organise, but the white hat hackers already exist. So why not pool them and make use of their energy? Finding flaws before the bad guys do saves everybody money, time, losses, hurt, bankruptcy, etc. Yes, it is a burden on the manufacturers, but then they are the source of the flaws. Not the consumers. In fact, not even the “bad guys” are the source; they are just using what is on offer in a bad way.
A related example is the city of The Hague that organises a yearly hack contest on itself. Something more companies and organisations should do.
Consumer organisation testing – A second way of testing is through consumer organisations. Products and services with online components from now on need to be tested on cybersecurity aspects. Are certain internet standards deployed? Are passwords in place? Are patches guaranteed? Is data protected? Etc., etc. This way, the pressure is applied to manufacturers and service providers to up their game. This way, consumers can compare products. The test of webshop websites in The Netherlands and privacy adherence in an app in Belgium are good examples of this.
Attribution of breaches – When hacks or other digital breaches occur, one way forward is to collectively learn from the cause(s). E.g., by making it known, the breach was caused by a lack of security in product X or service Y. This puts pressure on manufacturers who currently produce sub-optimal or even less safe products. No product wants to be associated with negative news, so most likely all will progress because of it.
A milder form is to mention the cause without the name but including explicit mention of costs and losses, in combination with suggested questions consumers can ask to their vendors or demands they can make for a more secure product. This creates awareness at the customer side and puts pressure on the manufacturer.
Is this bad for innovation? All other products in the world show that rules or regulations do not stop progress. So why would the Internet be different?
Security investments come with costs
More than ever before, the world has become dependent on the Internet. It is time that the internet business takes responsibility for this dependency. This comes at a cost. Yes, there is another side to this debate. It has to become normal to pay for internet security. It is only fair money is made on the investment industry has to make to provide cybersecurity.
Conclusion: start testing!
Just like at this point in time in the COVID-19 crisis, a lot of people are not aware whether they have attracted the disease and are cured because they have not been tested, many internet services and products can get on the market, even with false claims, without testing. It is time for change. Societies have to start testing.
In a recent report published on the website of the Internet Governance Forum, I have identified 25 pressure points in society that can aid in making the Internet more secure. If you are interested to learn more you can download it here: Setting the Standard report
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on Twitter
Read more here:: feeds.circleid.com/cid_sections/blogs?format=xml