IOT Bot attacks – a growing cause for concern
IOT Bot attacks – a growing cause for concern
Digital security continues to present itself as a hot button to CIOs and CSOs globally. It is an area of business that remains a priority with threats to business growing in volume, frequency and sophistication.
ITWeb Africa speaks to Andrew Potgieter, Director Security at Westcon Sub-Saharan Africa in an exclusive interview where he shares some of his concerns around potential threat vectors that could face Africa.
ITWeb Africa: Security issues keep more than the channel on their toes. What in your mind is the hot button in security at the moment?
Andrew Potgieter: The threat landscape in its entirety is a hot button throughout the Sub-Saharan Africa region, and should always remain top of mind due to the continuously changing nature of these threats. The areas we see more and more focus on is the application layer, where most customers intellectual property resides and where 85% plus of the attack vectors are targeted at, at present.
ITWeb Africa: Where do you think the next big 'attack' will come from?
Andrew Potgieter: The ongoing growth in IOT Bot attacks is cause for concern, particularly as security is seriously lacking in the current 'cheap IOT devices' available in the market at present. Now consider that IOT devices are being estimated to multiply upwards to 45 billion available devices by 2020 and consider, even if 1% do not have robust security - then we have a problem as an industry. These devices are perfectly poised for the next big critical attack vector for DDoS. Another area of concern facing businesses globally is crypto mining theft which is growing exponentially.
ITWeb Africa: How much has the cloud changed security?
Andrew Potgieter: The cloud is merely the ongoing reduction in the corporate infrastructure boundary, to drive cost savings and increase the ease of accessibility for the user and customer. The cloud is no longer new - but it is considerably more pervasive. What the cloud has done is to force the customer to look at a diversified security portfolio, as well as the option of applying more and more outsourced managed security services. This is attractive as it provides a customer with access to specialised and expensive skills that can give them more centralised management of their security environment while at the same time providing visibility into their systems and the available actions that can be taken.
ITWeb Africa: And IOT?
Andrew Potgieter: IOT is a double-edged sword. It is becoming mission critical when used by a customer and the information it collects is mined to provide efficiencies and as a means to develop bespoke industry disruptive solutions. The counter point however, as mentioned before, is the low security levels on the plus 45 Billion devices (2020) which provides for a massive, easily hacked, cyber threat from the combined processing capability, bandwidth availability and breadth of regional coverage of all of these devices when knitted together. The other factor to consider with IOT is the case of the individual device and its ability to physically influence individuals (think power plants, water and sewage systems, online vehicle management and automation to name just a tiny few.
ITWeb Africa: What questions should CIOs be asking of their security vendor?
Andrew Potgieter: They should be bold enough to ask of their vendors and partners 'how are you protecting my mission critical systems and intellectual property? Where are the vulnerabilities in my environment that need to be addressed? Can you show me my weaknesses and how are we addressing them?' CIOs and CSOs should be asking for answers - not just be in a position where they are bamboozled with jargon around threats.
ITWeb Africa: How do you think the industry can better gear itself for more secure environments?
Andrew Potgieter: Managed Security is becoming more and more critical in a market where increasing complexity is the norm and where skills are becoming more specialised, expensive and scarce. Furthermore, an all-inclusive view of multiple systems is essential, we have seen how even those customers who have all the available security in place can lose massive amounts of data, simply because of a lack of visibility and 'not knowing what they don't know'.
ITWeb Africa: Any advice you would like to impart to partners / end customers around security?
Andrew Potgieter: Security has always been and continues to become more and more complex in an industry where everything else is being commoditised. No one point system will protect you, which means that you need to have the budget to pay for, configure, manage, maintain and update multiple systems inside and outside of your corporate network, or you will need to look at competent Security Managed Services to share the cost and skills.
Security impacts us all and in Africa we need to be bold enough to learn from our peers – and take the lead from the innovators.