https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

Coronavirus

Cybersecurity Crisis Management During the Coronavirus Pandemic

Cybercriminals thrive on chaos, making cybersecurity crisis management vital. 
  • Written by Brian Buntz
  • 24th March 2020

The coronavirus pandemic is arguably the first time a biological virus has a significant impact on the security industry. Cybercriminals can exploit the vulnerabilities in the security protections of medical facilities, homes and factories. At the same time, a handful of governments have rethought physical security with surveillance infrastructure to enforce coronavirus quarantines.   

The pandemic could also catalyze technological and regulatory change, according to Aleksander Poniewierski, global Internet of Things (IoT) leader at EY. The stress of the pandemic will leave many people vulnerable to social engineering —  deceptive tactics to manipulate individuals into divulging confidential information — in coming months, Poniewierski said. 

The rapid shift to remote working, for office workers as well as executives monitoring IoT-enabled operations remotely, opens up threats related to expanded network access. 

“We can expect large-scale implementations of automation and remote-working infrastructure without using robust architectural planning,” Poniewierski said. “Many employees are creating command centers in their home environment with minimal security protections. ”

A ‘Perfect Storm’ in Health Care
The health care industry, which has struggled to secure connected medical devices and legacy equipment in recent years, will likely be pushed to the limit in upcoming months. The potential of COVID-19 to spread exponentially could quickly overwhelm hospital systems, as McKinsey has observed. That fact opens the door for a surge in ransomware and other attacks, said Jarrett Kolthoff, chief executive officer at SpearTip. “Any organization in turmoil faces a potentially increased cyber-risk,” he said. 

Already, the University Hospital Brno, which is one of the Czech Republic’s largest coronavirus test centers, suspended operations on March 13 after a purported ransomware incident. The malware delayed surgeries and testing of dozens of coronavirus samples. In the U.S., ransomware has temporarily blocked public coronavirus updates on a Champaign-Urbana Public Health website.  

IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and edge into action across industry verticals. Book your ticket now.]

Previous ransomware attacks on health care institutions have established a dangerous precedent. The 2017 WannaCry attack, for instance, affected many hospitals as well as devices such as network-connected imaging and nurse call systems. 

Complicating matters, “many IoT-enabled health care devices are not updated with the latest operating systems and security patches,” Kolthoff said. Applying security patches to medical systems could introduce new bugs as they fix others.

Hospitals under duress are also more likely to pay ransoms in the event of a ransomware attack. “At this time, it’s natural [for hospitals] to focus on continuing operations of critical services,” said Hardik Modi, a senior executive at Netscout Systems Inc.

Critical Infrastructure Could Also See an Uptick in Risk

Local governments and critical infrastructure must also contend with strained, unreliable communication channels, according to a New York Times article. As with health care, many industrial organizations find themselves looking to modernize while continuing to use aging technology. “And in the manufacturing realm, you have this labor shortage, and many companies are trying to move to technology-driven production,” Kolthoff said. Industrial organizations have valuable information on their networks, and, given the high cost of downtime, are often willing to pay in the event of a ransomware attack.  
Manufacturers of pharmaceuticals, food and medical equipment are ramping up production to meet heightened demand, while also dealing with new supply chain hurdles. “At the same time, with more people working from home and remotely accessing industrial networks to monitor and configure equipment, it becomes even more important to continuously monitor the network for any anomalous or unauthorized activity,” said Phil Neray, vice president of IoT and industrial cybersecurity at CyberX. “Just imagine that one of your plant employees or third-party maintenance contractors inadvertently clicks on a malicious COVID-19 e-mail link and gets remote access credentials stolen, enabling a cybercriminal to use those credentials to deploy ransomware in your plants,” he added.

Remote Working Brings Consumer IoT Devices to Corporate Networks 

In addition to the risk of rapidly establishing remote-working infrastructure, teleworking positions corporate assets and consumer-grade Internet of Things (IoT) devices reside on the same networks. 

Potential threat vectors include devices ranging from internet-connected electrical switches to smart speakers, smart televisions, thermostats and lightbulbs. “Few of these devices were created and installed with security in mind,” said Mike Jack, senior manager at Spirent. 

“Putting corporate assets on the same Wi-Fi networks as [IoT] devices creates a new entry point for attackers to reach corporate targets,” agreed Curtis Simpson, chief information security officer at Armis.

Internet-connected security cameras are among the most vulnerable IoT devices. Millions of the devices were hijacked in the 2016 Mirai botnet, which caused web outages throughout the U.S., and cybercriminals continue to favor internet-connected cameras.

Many consumers continue to put “a lot of trust” in a growing number of vulnerable devices that are “internet-enabled and don’t even have any means of proper user administration,” Jack said. 

While there hasn’t been a high-profile botnet that triggers a partial internet shutdown after the Mirai botnet, there have been cases of adversaries enslaving IoT devices to fuel distributed denial-of-service (DDoS) attacks for extortion. “DDoS-based extortion campaigns globally operate at a fairly regular frequency already,” Modi said. It’s possible attackers use this tactic to disrupt an internet-based business service such as video or web conferencing, Modi predicted. “It’s early, and I haven’t seen a coronavirus-related extortion campaign, but I would be surprised if that didn’t happen.” 

Surveillance Ramifications

Also related to the Internet of Things, several governments across the world are looking to use public internet-connected video cameras to monitor potentially infected patients seeking to ignore quarantines. 

Sergei Sobyanin, the mayor of Moscow, announced in February that the city was using facial recognition technology to track citizens who left their apartments. Authorities there are also tracing people who have come into contact with residents suspected to have had coronavirus exposure, according to Reuters. 

China has struggled to use facial recognition during the coronavirus pandemic, given its population’s proclivity to wear surgical masks in public. At least two Chinese firms have responded by developing technologies that can accurately identify individuals, even if they are wearing a mask while potentially also measuring temperature to determine if they have a fever.   

China has also used drones equipped with high-resolution cameras and speakers to follow and scold citizens who don’t comply with coronavirus guidance, according to the Wall Street Journal, while Israel and South Korea have also retooled surveillance technology to track its population as coronavirus infections spread.    

As disruptive as the coronavirus is to populations and economies around the world, the primary way it influences cybersecurity is by accelerating existing trends. “As a general matter, it would surprise me if the risk scenario is dramatically different from what we’ve seen before,” said Jamil Jaffer, a senior vice president at IronNet. Countries surveilling their populations with IoT-enabled technology will continue to do so, just in different ways. “And nation-state and criminal actors will continue to focus on [targeting organizations within] the financial, energy, healthcare and government sectors,” Jaffer said. Some adversaries “might switch their focus to health care or look to exploit the work-from-home scenario,” Jaffer added. But given the chaos related to the situation, organizations — especially those forced to retool operations rapidly — should ensure their cybersecurity crisis management capability is as robust as possible. 

 

Tags: Network security Security Technologies Features

Related


  • 3d rendering of human brain on technology background
    AI Ups the Ante for IoT Cybersecurity
    Security providers in IT and OT have implemented AI, ML and other advanced technologies to make systems smarter than malicious attackers.
  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • IoT security
    Protecting Your Network Against Ripple20 Vulnerabilities
    Early this year, Ripple20 wrought havoc on numerous IoT devices, given vulnerable third-party code. Here are ways to prevent your organization from the fallout.

One comment

  1. Avatar Thomas Williams 22nd April 2020 @ 9:05 am
    Reply

    This pandemic forced work from home has made it all the more important for us to take proper measures to ensure cyber security. One of thee most common types of cyber attacks in Corporate Account Takeover Attack (CATO). In this, the unauthorized person gains access to an organisations data by identity theft of its employees. Some of the most vulnerable industries to such attacks are media and entertainment, retail, hospitality, sports, finance etc. It’s important for organisations to take proper security measures and also train their employees for the same during these WFH times.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • An Integrated Approach to IoT Security
  • Tactics for Successfully Selling IoT Technologies
  • Securing IoT at the Edge Is Key to Safe IoT Operations
  • Building a Foundation for AI in Cybersecurity

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

The eSIM Cookbook – Towards the Next Generation of Connected Devices

22nd February 2021

eSIM Delivers Greater Freedom for OEMs – by Beecham Research and Truphone

22nd February 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

Microsoft Mesh Yields Mixed Reality Platform Potential dlvr.it/RvDJdh https://t.co/wQjq6cCPCm

8th March 2021
IoTWorldToday, IoTWorldSeries

🎤 Introducing #EIOTWORLD speaker Suresh LC, Chief Engineer at Samsung. 💻 Join his #ai #artificialintelligence sess… twitter.com/i/web/status/1…

8th March 2021
IoTWorldToday, IoTWorldSeries

This International Women's Day, we celebrate & thank the powerful women involved in #EIOTWORLD and the #IOTWORLD ad… twitter.com/i/web/status/1…

8th March 2021
IoTWorldToday, IoTWorldSeries

Zero-Trust Security for IoT: Establishing Rigorous Device Defenses dlvr.it/RvCWGQ https://t.co/SAOg0HIqeA

8th March 2021
IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD sponsor, @aicas_IoT — a flexible, more efficient approach to embedded realtime application… twitter.com/i/web/status/1…

4th March 2021
IoTWorldToday, IoTWorldSeries

Microsoft Ignite 2021: Innovation in COVID-19 Era Signals Future Trends dlvr.it/RtwYcg

4th March 2021
IoTWorldToday, IoTWorldSeries

At Microsoft Ignite: How IoT and Robotics Are Driving Industry 4.0 dlvr.it/Rttgwj

3rd March 2021
IoTWorldToday, IoTWorldSeries

🎙️ Introducing #EIOTWORLD speaker, Obinna Ilochonwu, Industrial IoT Architect at Schlumberger. 📅 Join his session… twitter.com/i/web/status/1…

2nd March 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X