Over the past year, we’ve seen a wave of high-profile cyberattacks, and all companies should be concerned. These attacks haven’t been limited to any one industry, but range from credit scores (Equifax) to health care (WannaCry ransomware attack).
WannaCry, in particular, points to a growing threat: cyberattacks on infrastructure. As CNN explained, “The ransomware, called WannaCry, locks down files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.”
Forty-eight thousand medical facilities were affected by the attack in the United Kingdom alone. In all, 300,000 computers were affected in 150 nations. While we may focus on the benefits that could come with smart energy grids, connected cars and the like, these new technologies are a great target for cyberattacks similar to WannaCry.
We need a complete paradigm shift in the ways we think of IoT security. What we need is a way to secure healthcare and financial IoT devices that does not require a complete overhaul; rather, security should be physically embeddable and host-independent if it is to be resistant to current threats.
If you create a low-power, highly flexible, hardware-isolated computational and storage container that puts a physical barrier between sensitive data and the host system, you can secure data and processes independently of an IoT device’s operating system or networking protocol and make them virtually impervious to attack.
Combating Today’s Threats in Health Care and Finance
We often take for granted that the healthcare industry doesn’t use the most cutting-edge technology. Many hospitals rely on older computers that run on outdated operating systems. In fact, experts say this is contributing to the spread of cyberattacks on health care, as outdated software doesn’t receive security updates.
Given the vulnerability and potential impact, it shouldn’t be a surprise that cyberattacks on health care are growing. According to the 2017 Verizon Data Breach Investigations Report, ransomware attacks such as WannaCry are the fifth most common type of malware attack in 2016, up from 22nd in 2014.
Financial services are also an obvious target for cybercriminals, yet their scope in recent years is cause for alarm for both companies and consumers alike. The Target data breach in late 2013 resulted in the theft of 40 million credit and debit card numbers along with the personal information of 70 million customers.
Financial information isn’t just vulnerable at the enterprise level. In August 2016, Russian hackers breached more than 330,000 point-of-sale (PoS) systems. These systems can be found any place that sells a product, including convenience stores, fast food chains and retailers.
PoS systems are compromised when a hacker uploads malware apps into the device. The app can then steal customer payment information without the merchant or customer realizing. The information is then moved to another location within the target environment for aggregation. Finally, the data is sent to an external location for the hacker to use.
The important question for merchants and customers is this: How does the malware get into a PoS system in the first place? Cybercriminals can use physical devices such as card skimmers, or use other social engineering techniques to penetrate the systems. In other words, it’s possible for a merchant to interact with a hacker without their knowing, which makes them all the more threatening.
Of course, attacking industries such as health care and retail will only affect direct participants. Cybercriminals who want to attack entire regions or nations can target other universal infrastructure targets, like energy.
Embeddable Hardware Security: The Next Paradigm of IoT Security
To effectively counter against modern cyberattacks, companies need to implement a hardware layer of security, which operates separately from the hardware and software running on the machine. They protect devices by acting as a security monitor and by physically preventing the intrusion of malware.
While there are various hardware solutions available, there are no platform-agnostic plug-and-play solutions that can be applied to today’s cybersecurity challenges, including those for infrastructure. Chip-based security acts as an envelope that’s compatible with both standalone and networked devices, which protects connected devices from most forms of cyberattacks.
The advantages of hardware-based security are numerous:
- Hardware root of trust provides ultimate protection against weaponization of the endpoint with malicious software
- User data and encryption keys are stored in a physically separate memory array
- The apps and algorithms, which are used to ensure security, are executed in hardware-isolated trusted environment
Infrastructure cyberattacks can cause massive damage for companies, industries and entire nations. Yet, we can’t forget the role the individual plays at the start of these attacks. Oftentimes, only a single machine needs to be penetrated to compromise an entire network.
This is why a hardware layer is so necessary, and should be included as part of a comprehensive cybersecurity program. Every machine needs to be protected without the need for software updates or human intervention.