A security evolution driven by the Internet of Intelligent Things
Abstract
The technological evolution characterised by Social, Mobile, Analytics and Cloud (SMAC) brings transformational benefits for consumers at the expense of increased risk. The risk is not limited to data breaches initiated by cybercriminals. The Internet of Things (IoT) refers to devices with processing capability and internet connectivity. These things have a broad range of uses and may control hardware, such as industrial machinery, vehicles and medical devices. Malfunctions caused by software defects, malware attacks or misuse are potential causes of catastrophic events. This paper argues that information security controls, processes and capabilities need to evolve in order to address the risks that arise in this distributed digital landscape. Commonly accepted best practices, such as secure software development, privileged access control and security configurations, are still critical mitigations. They are difficult to implement in the Internet of Things marketplace, however, which is characterised by rapid product development, limited regulation and uninformed consumers. In security terms, we need to defend a rapidly expanding attack surface against an increased range of threats. Loss of system availability or compromised data integrity could have catastrophic consequences for self-driving cars or in the dispensing of medication. When assessing risk, security systems provide necessary but insufficient mitigation. This paper will argue for a multidisciplined approach to risk management, requiring a greater convergence between the disciplines of both software quality and information security. This is especially necessary within the software development life cycle.
The full article is available to subscribers to the journal.
Author's Biography
Steve P. Williamson is Director of IT Governance, Risk and Compliance for GlaxoSmithKline. His IT career spans 28 years and has progressed through the fields of software engineering and project management. For the last 15 years, he has been working in information risk management and has a track record of delivering global security improvement programmes. Steve is considered a thought leader in information risk management and often speaks at security conferences and sits on expert panels.