Story image

NZ security vendors need to educate clients as hackers break into IoT

15 Dec 14

High-performance network security firm Fortinet, and its threat research division FortiGuard Labs, have taken a look ahead to 2015 determine the most significant cyber security threats of the upcoming New Year, identifying the need for security vendors to educate clients on their security needs as attackers get inside the Internet of Things.

Fortinet says as the number of devices connected to the network increase, cyber criminals will continue to hone their prowess when it comes to Internet of Things attacks and advanced evasion techniques, while also continuing to exploit large-scale server side vulnerabilities for financial gains and other nefarious purposes. The company says businesses and government organisations globally are at risk, as are consumers’ important personal information. 

Jon McGettigan, general manager, NZ and South Pacific at Fortinet says “as 2015 approaches, we expect to see the trend focused on server side vulnerability, started by Heartbleed and Shellshock this year, to continue; particularly as black hat hackers set out to target the Internet of Things.

“The complexity of the threat present to the organisation gives the reseller an opportunity to educate clients on their security needs." 

As crime services extend their research and coverage, hackers will utilise the same type of processes for determining the best ways to bypass security systems. For example, current crime services scan malware against vendors’ capabilities to stop it, and give them a score result. As vendors expand from malware detection to threat intelligence correlation, criminals will work to counter this movement with the same type of approaches to find out if their botnet infrastructure is flagged in other intelligence systems as well, and work to hide their tracks.

Fortinet says security vendors are overloaded with threat intelligence, but technology must integrate to automate protection against that intelligence and not rely on administrative decision. In 2015, cyber security vendors and managed security solutions will make an even greater push toward actionable threat intelligence, with proactive services that filter data that matters and alerts clients to their potential vulnerabilities and protection measures, prior to an attack.

“A vendor’s ability to ensure interoperability between different security products as well as networking, computer, storage and end devices on the network will be a key to success, by helping to create a “self-healing” network similar to SDN,” the company says.

Incident response to date has generally been reactive. Moving forward, proactive response will significantly reduce damages that organisations will face in the future. The selection of third-party vendors that provide more secure development through Product Security Incident Response teams, as well as deep threat research, will limit breach scenarios before they happen. 

Two-factor strong authentication will increase in 2015 as one simple and cost effective proactive measure, while vendor incident response services will grow to help clients when they are under attack.

Fortinet says hackers will continue to follow the path of least resistance as more and more devices are connected to the network. Vulnerabilities that Black Hat hackers will look to exploit will include consumer home automation and security systems, as well as webcams, which we are already beginning to see.

On the enterprise side, Network Attached Storage and Routers will continue to be targets, as will critical infrastructure such as Human Machine Interfaces (HMI) and Supply Chain systems, which will create significant problems with third-party components and patch management. 

Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill.