IT trends: protecting your airspace
Smart companies have security plans and protocols in place.
Smarter companies regularly survey their security measures to ensure 1) systems are working properly and 2) no unforeseen vulnerabilities are surfacing.
So, you run down the checklist:
Anti-virus, anti-malware and other security software installed and updated? Check.
Operating system and software patched and updated? Check.
Multi-factor authentication, encryption, password and BYOD policies in place? Check.
Physical security for the data center? Check.
Corporate airspace secure? Uh . . . what?
“You can’t secure what you can’t see.”
It’s true: our airspace has become a top security risk, due to the rise of Internet of Things (IoT) devices and the need for employees and customers to be constantly connected to these devices. Radio-Frequency Identification (RFID) uses “electromagnetic fields to transfer data wirelessly, the data is usually stored info ‘tags’ based on the object it is attached to,” the Gadget Help Line explained. “Obviously, if something can be read wirelessly then there is the chance for that data to be intercepted and hacked/stolen.”
In the corporate space, this becomes a security risk when wireless devices transmit data via a hundred different wireless protocols, such as Bluetooth, EnOcean, ZigBee or Z-Wave. These proprietary protocols are a particular security concern because they’re only as secure as the manufacturers make them—which is often not very secure at all. That means essentially any device that emits a signal is a potential threat, according to Chris Rouland, CTO and Founder of Bastille, a company that specializes in security airborne threats.
“Whether it’s a smartphone, tablet, smartwatch or a fitness tracker, IoT devices of all sorts can potentially be hacked and used as a portal to gain entry into a corporate network,” said Rouland. “There are also growing privacy concerns around seemingly innocent high-tech toys like Hello Barbie and VTech toys that are constantly ‘listening’ for data. Additionally, transitioning terabytes of sensitive data to the cloud is another vulnerability businesses need to be ready for.”
Rouland added that IoT has made the cyberthreat landscape almost five times bigger. We need to think beyond simply better securing WiFi or avoiding open connections in public spaces. Users and security professionals must also consider concerns such as firmware on a device, operating systems, and cloud provisioning when developing a security plan for devices and their wireless connections. Yet, when it comes to monitoring wireless communications, the only visibility IT departments really have is into their Ethernet and what connects into their Wi-Fi.
“They don’t see the whole picture of activity across their entire radio frequency spectrum, which is a huge problem because you can’t secure what you can’t see,” said Rouland.
Developing a protection plan
How can IT and security departments better defend the corporate airspace? It begins with understanding the airborne threats that exist.
“There is still a level of naivety when it comes to IoT threats because there hasn’t yet been that one breakthrough breach, but it is coming,” Rouland explained. “Once IT departments understand the risks involved, they should start developing a comprehensive IoT security plan.”
It will also include knowing what the trends will be in RFID and then developing a security policy surrounding those new uses of the airspace.
Securing corporate airspace is an issue that, if not already being addressed, needs to be made a higher priority. The reason is pretty clear: By 2020, there will be 50 billion devices using radio frequencies to transmit data machine-to-machine, with an expected five billion in the workspace alone. We’re already seeing the influx of IoT, thanks to the growing use of BYOD and wearable devices like fitness trackers and smartwatches. And remember, the advantages that come with IoT has a big downside, as Rouland pointed out.
“The growing demand for IoT devices means even more opportunities for hackers and cybercriminals to access a corporate network through its airspace.”
By securing the radio frequency spectrum of hundreds of protocols, companies can add another layer of security, particularly for the growing number of IoT devices that aren’t so easily secured.