Mr. Premchand Kurup, Co-founder, and CEO of Paramount Computers sharing his visionary thoughts about IoT security challenges, and potential solutions!
Internet of Things & Security
Internet of Things (IoT) is gaining huge popularity in today’s life. A multitude of real-world applications uses them now, from connected homes and cars to health monitoring and smart electricity meters. However, one of the main things missing from many of the IoT discussions to date is security and trust. When it comes to security and privacy, IoT represents an entirely different level of scale and complexity.
There are several hacks and proof of concepts released in the wild on IoT applications including hacked smart TV, baby monitors, thermostats, etc. In a recent threat assessment report from European crime agency (Europol), there is a warning on the new types of risks and threats from IoT applications in critical infrastructures and consumer markets.
Security risks originating from IoT devices is another aspect of the same problem, as the magnitude of DDoS (Distributed Denial of Service) attacks are multi-dimensional now, considering the amount of traffic a compromised IoT device can generate!
What is the future of IoT applications and its security? What are the existing solutions for implementing a secure IoT system, and how IoT is going to change the cyber world in the future? Premchand Kurup shares some thought-provoking views, that the cybersecurity world should listen to!
Keep reading SecureReading – The Right Security for your Organization!
SecureReading had the privilege of interviewing Mr. Premchand Kurup (Prem), one of the most influential cybersecurity leaders in the region.
“How serious is the impact of IoT security in the physical and cyber world?”
Prem: We have for long been exposed to IT Security. But, OT (Operational Technology) Security which deals with the security of Critical Infrastructure & SCADA Networks is a major source of concern today. With IoT implementations around the corner, IoT Security will emerge as a major discipline within the Cybersecurity arena.
The Impact of IoT vulnerabilities will be significant because IoT implementations are likely to span a large number of vertical industries and the sheer number of IoT devices installed will make it more complex to handle. Gartner forecasted 8.4 Billion connected devices by 2017 up 31% from 2016 & has estimated that by 2020 this will reach 20.4 Billion more than three times the population of the world.
“What are the potential benefits of IoT for data collection which also can act as the potential threats? ”
Prem: Let me address this with just 2 Benefits & 2 Threats :
- Comfort & Efficiency will be a major benefit in several IoT implementations. The threat is safety! You can hack into the devices & change the controls which might even end up affecting human lives. This threat will be there for pacemakers & driverless cars.
- Better decision making as a result of data analytics will be a significant benefit. The threat will be data privacy.
“How is IoT security critical for organizations and governments? Is it different from existing security risks or they are entirely at a different level?”
Prem: While the basic concepts of risk remain the same, from a comprehensive Risk Management standpoint there is a need for Security professionals to understand IoT – devices, platforms, integration, communication & analytics. This is where the challenge lies. We do not have good OT security today simply because the vast majority of Security professionals come from the IT domain & do not understand OT Networks & the associated challenges. The same unfortunately will happen in the IoT Security space.
“What are the key points of vulnerability in existing IoT systems?”
Prem: Let me tell you about 3 of the OWASP Top 10 IoT Vulnerabilities:
- Insecure software/firmware in IoT devices. There is over 250 Million IP Cameras installed worldwide today. Close to 80% will still be operating with the vendor’s default password.
- Insecure mobile & cloud interface. Devices have to ultimately communicate over mobile networks & then to the platform that is hosted in the cloud. If the network is compromised, spoofing will be possible.
- Poor authentication & authorization. In fact, just like how we have a User Identity & Access Management in IT Security we need to have Device Identity & Access Management in IoT Security.
“What role can the manufacturer play in securing IoT? Do they have a major role?”
Prem: Very much. Device manufacturers must build security into the devices & so must the platform vendors. We cannot repeat the same mistakes we made with IT & OT when it comes to the Internet of Things.
“How can smart devices ensure trust and integrity? Will they act as a weak point in security? How can hackers exploit smart devices to perform nefarious activities?”
Prem: We will need to define Authentication Access Policies; have automated secure provisioning of devices; device authentication & credential management; secure communication & data encryption.
“What are the actual examples for exploiting IoTs to gain access to protected data and for performing privacy breaches?”
Prem: Simplest example is that of an IP camera. One can hack into the CCTV Network & enable botnet attacks; jamming; spoofing simply by the door that is open by the use of default passwords. Considering the huge proliferation of cameras worldwide this is a significant current RISK.
“What is the future of IoT from a security point of view? Is there a possible chance of more dangerous malware targeted towards IoT? For e.g. what is the potential for hacking a smart pacemaker? Can they affect lives? Will there be a ransomware which can kill a pacemaker user?”
Prem: My sense is that most of the attacks we have been used to – malware, ransomware, botnets
Read on latest banking malware: Dark Tequila Banking Malware Targets Mexican banking Institutions since 2013
“What are the international developments in improving IoT security? How effective is it going to be?”
Prem: In the near term I see Device Authentication, Provisioning & Access Control of Internet of things devices emerging as the biggest opportunity in IoT Security. This will definitely reduce the attack surface & thus the Risks.
“In summary, what are your specific suggestions to achieve IoT security in general?”
Prem: Just like in the case of IT & OT Security we can protect IoT environments only through a judicious combination of People, Process & Technology. IT would be prudent to speed the process of the Internet of Things Security education & create an army of professionals. Remember, come 2020 and there will be a shortfall of over 1Million cybersecurity professionals worldwide.
Read in SecureReading on Fundamentals of Security – People Process & Technology
This is where countries like India can make a remarkable contribution. ISO, NIST, Thread Group, Open Interconnect Consortium, Industrial Internet Consortium among others should work together to develop Technology & Process Frameworks for IoT Security. In every RISK there is an opportunity. It all depends on how you choose to see it.
Brief Profile – Mr. Premchand Kurup
Premchand Kurup is the Co-founder & Chief Executive Officer of Paramount Computer Systems FZ-LLC, Dubai, UAE.
Prem holds an Honours degree in Electrical and Communication Engineering. A Catalyst, Transformer, and a Teacher-preneur, He is passionate and extremely skilled at building people, entrepreneurs, and organizations. He started his entrepreneurial journey in the year 2000 after spending 18years working in the industry. The exemplary achievements in the field won him the Asia Pacific Entrepreneurship Award in 2016.
He is also the Co-founder and mentor of Headstart FZ LLC which is a is a firm focused on Retail POS & Restaurant Management Software sales and implementation services.
Mr. Prem is also one of the founding members and mentor of Barcode Gulf, which enables customers in Retail; Transportation & Logistics; Courier & Distribution; Healthcare & Government to improve their operational efficiency by utilizing Barcode, RF-ID; smart card and other data capture technologies.
About Paramount Computers
Paramount is one of the major cybersecurity companies in GCC and India which helps customers to protect their critical Information Assets and Infrastructure through a prudent combination of People, Process, and Technology. It was Found in 1992, transformed into an Internet Security Solutions Provider in 1999, reconfigured in 2007 through a Management Buy Out (the first MBO of an IT Company in Dubai Internet City) and being reinvented in 2015 to morph into a trusted cybersecurity solutions provider.
Building quality into the very fabric of the business has made excellence a way of life at Paramount. The company started as early as 2001 at the ISO level and graduated through the EFQM framework by introducing and sustaining a culture of continuous learning, quality and focus on individual value-add inside and outside the organization. Today, Paramount is recognised for their quality and leadership through multiple certifications and awards including ISO 9001; ISO 20000; ISO 27001; ISO 22301; DQAP; Mohammed Bin Rashid Award – Business Excellence; Dubai SME 100; Great Place to Work Award; Dubai Chamber’s CSR Label and Happiness at the Workplace.
Read more on IoT security: Securing Internet of Things(IoT) – How a Connected Device may Risk your Life?