Smart Objects and Their Privacy Implications

Author: Guy Ngambeket, CISA, CISM, CGEIT, ITIL v3, PMP, PSM
Date Published: 22 January 2021

It has long been discussed and understood in the cybersecurity field that people are considered the weakest link in cybersecurity. And, like security, everyone has a crucial role to play to ensure a reasonable degree of privacy and to safeguard personal data. Measures beyond those implemented by governments and private entities are needed. However, with the continued explosive growth of the Internet of Things (IoT) in industry and households, and with the deployment of 5G technology, it is likely that humans will become the second weakest link in cybersecurity. The new first will be smart objects. There are 3 reasons smart objects are likely to take the top spot:

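  • There will be more smart objects than humans. It is estimated that the total installed base of IoT-connected devices will reach 21.5 billion units worldwide1 and will represent a market of US$1.6 trillion2 by 2025. This means that, on average, each person will own 3 smart objects, and the trend may not stop there.
  • By 2025, smart objects will process and generate about 80 zettabytes (ZB) of data (approximately 45 percent of the world’s data volume, which will be up from 34 percent in 2019).3
  • IoT devices are built to make decisions almost independently. Hackers may prefer to put their effort into attacking these devices to reach critical assets rather than trying to trick humans, who have cognitive abilities and can naturally detect abnormal behaviors or patterns.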

Increased Privacy Attack Surface

Beyond concerns in relation to jobs and social interactions, people regularly encounter security and privacy issues and must address them accordingly. For example, criminals can break into the smart cameras and smart thermostats in a home and gain access to the activities of the people living there, possibly for years. Another disconcerting scenario involves smart medical devices, which can be accessed by third parties and can, in the best case, disclose personal health information to the general public and, in the worst case, change the course of a patient’s treatment, which could lead to injury or even death. One news outlet managed to access a variety of camera feeds being broadcast online.4

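These potential issues are compounded by the fact that IoT devices are, by design, less secure than other “traditional” devices (i.e., computers, mobile phones). There are several reasons for this, including manufacturers’ lack of incentives to build cybersecurity into their devices. The focus is on getting affordable products to market quickly, and cybersecurity controls may add extra cost and time to market. Other challenges include native hardware and logic constraints that prevent building first-class cybersecurity features, and hardcoded/default passwords that can be exploited by hackers. However, researchers are working to overcome these challenges, and there is no doubt that the situation will evolve.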

The Role of Cybersecurity Professionals

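The privacy threat is real, and people should be aware of it. IoT will be the new playground of hackers, and cybersecurity professionals must play an important role in protecting end users from the tsunami of hacks that will affect them in the coming years, prioritizing the following: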

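  • Enforce security by design: From the design of a single smart object to the installation/management of a network of smart devices (edge and gateway devices), cybersecurity enforcement will become increasingly important. Starting from the design of the smart device or of the architecture in which the device will be installed, security professionals should adopt the most relevant security measures to limit risk. There are a variety of known methods that can be used in combination, such as 2-factor authentication (2FA), zero trust, trusted platform modules and data encryption.
  • Spread awareness and best practices: Awareness has always been one of the top methods for limiting cyberrisk. Awareness programs should be adapted to the risk posed by IoT and include tips on how to strengthen protection. Sharing best practices among professionals can help them better protect organizations’ “crown jewels.” For instance, the IoT Cybersecurity Alliance, which groups enterprises such as AT&T, IBM and Symantec, has taken a step by bringing together experts “to raise awareness, establish and share best practices, and research and develop methods to comprehensively protect the IoT ecosystem for the benefit of all.”5
  • Support regulatory decision-makers: There is no doubt that regulations around the globe will evolve to include IoT cybersecurity. In that space, cyberprofessionals can help authorities better understand the risk and craft new regulations that compel organizations and IoT manufacturers to build robust cybersecurity controls into their devices. The US state of California has already taken the lead with an IoT security law (SB-327 Information Privacy: Connected Devices) that requires all IoT devices sold in California to be equipped with reasonable security measures.6 At the US federal level, the bill H.R. 1668: IoT Cybersecurity Improvement Act of 2020, currently under consideration by the US Senate, aims to establish minimum security standards for IoT devices owned or controlled by the US federal government.7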

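Of course, end users are in the driver’s seat of their privacy and should also take actions, such as making sure, before buying a device, that cybersecurity is among its most important features, regardless of the other functionality the device may offer. After purchasing IoT products, users should also change default settings and passwords to stronger ones (at the device and network levels; devices with 2FA are a major advantage) and ensure that any smart device is regularly updated to integrate the latest security patches.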

AI and Machine Learning to Improve the Security Profile of Smart Devices

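From risk identification to response, artificial intelligence (AI) and machine learning (ML) can significantly reduce the cyberrisk posed by IoT devices. By systematically and securely capturing security-related events and sending them to a dedicated advanced analytics processing center, manufacturers, supported by cyberprofessionals, can better understand threat patterns and anticipate how to improve the security of their devices, even with constraints.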

Conclusion

Smart objects will change the way people observe and interact with their environment, and with them will come advantages and disadvantages. However, one key element to watch for when considering how, when and where to use these devices is cybersecurity and its implication on privacy. Users, whether individuals or organizations, should not only ensure that the manufacturers of the smart devices they buy and use are cybersecurity-aware, but also take actions to protect their own privacy.

Endnotes

1 Holst; “Internet of Things—Active Connections Worldwide 2015-2025,” Statista, 4 January 2021
2 Holst; “Global IoT End-User Spending Worldwide 2017-2025,” Statista, 4 January 2021
3 O’Dea, S.; “Data Volume of IoT Connected Devices Worldwide 2019 and 2025,” 26 October 2020
4 Griffiths, J.; “‘Internet of Things’ or ‘Vulnerability of Everything’? Japan Will Hack Its Own Citizens to Find Out,” CNN, 2 February 2019
5 Internet of Things (IoT) Cybersecurity Alliance
6 California Legislative Information, SB-327 Information Privacy: Connected Devices, USA, 2018
7 GovTrack, HR 1668 IoT Cybersecurity Improvement Act of 2020, USA, 2020

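Guy Ngambeket, CISA, CISM, CGEIT, ITIL v3, PMP, PSM

Is currently a strategy and technology management consultant and technology startup adviser with more than 12 years of experience. He has worked on projects across Africa, Europe, the Middle East and North America.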