Poorly secured Internet of Things devices are shaping up to be a major threat to Australian organisations in 2018, Jason Edelstein says.
“You’re definitely going to see more in the IoT space, without a doubt,” the chief technology officer at Australian consultancy Sense of Security told Computerworld Australia.
“The proliferation of [Internet-connected] consumer devices is expanding at an amazing knot; you look at eBay and everything’s Internet connected,” he said.
“I think that also rolls over into the commercial space as well because people take these devices and they plug them in in their corporate offices, often unknown to the IT people, and it can have an impact on the security of an organisation.”
“Plus you’re even seeing in commercial office things like projectors and whiteboards are all becoming ‘smart’ and they’re all being plugged in as well,” he added.
“I’ve not seen too many security reviews done around that sort of stuff either, so I think there will be some flow-on effects there.”
The CTO said he expects more high-profile data breaches in the year ahead, many of them off the back of phishing and other social-engineering-based attacks.
“People that are still just doing that traditional pentesting on the perimeter are ultimately probably going to get owned because there’s easier ways in — if there’s an easier way in the attacker’s probably going to take that,” he said.
“They’re lazy at the end of the day and want to get maximum return.”
“The sophistication that we’re seeing in compromises is also growing,” Edelstein added. “The actual way [attackers] compromise systems initially in terms of the phishing campaigns they do [involves] much more awareness of the controls organisations have and the ways of defeating or bypassing them.”
The CTO said he also expects the time taken to identify breaches to creep upwards.
“I think that’s not going to improve any time soon because it’s a bit of an arms race and I’m just seeing that the attackers are still well ahead in most cases.”
Indo-Pacific cyber cooperation
Last month Sense of Security revealed that it was working with the Department of Foreign Affairs and Trade to boost the security capacity of nations in the Indo-Pacific region, as part of the government’s Cyber Cooperation Program.
The program is part of Australia’s International Cyber Engagement Strategy, unveiled in October.
“As our neighbours become more connected, Australia will partner to build their technical, legislative and institutional capacity to fight cybercrime,” the strategy document states.
“This will not only preserve our neighbours’ economic growth, but also prevent the creation of cybercrime safe havens that could be used to target Australians.”
“The idea was to raise capability in that region and train people around secure application development so they could learn from some of the lessons we’ve had locally, raise their security maturity and apply them to some of the systems and applications that they build,” Edelstein said.
“It’s something that we’ve run quite successfully locally and gained quite a reputation for in both commercial and government space.”
“It was a good initiative from Australia to help raise the capability in the region,” the CTO said.