by Srinivas Kumar, vice president of IoT solutions at DigiCert
From hijacking confidential data to stealing billions in cryptocurrencies, hacker attacks spared almost no industry in 2021. Worldwide, the number of weekly cyberattacks increased by 40 percent over last year, according to a report by Check Point Research, a cybersecurity intelligence firm.
Based on the Check Point report of recorded cyberattacks in Latin America, they increased 38% in 2021. They argue that cyber criminals will continue to innovate and find new methods to execute cyber attacks, especially ransomware. In Brazil, what was most surprising was the wave of cyber attacks on institutions. From January to November, the branch of the Institutional Security Office (GSI) that monitors cybersecurity issues recorded 21,963 such notifications in the country. In all of last year, there were 23,674 records. From one year to the next, breaches that allow malicious exploitation in computer systems and networks jumped from 1,201 to 2,239.
In terms of cybersecurity, I have been reflecting on the concept of infinite game for over a decade and through several startup ventures in this space. We continue to design shields and weapons, such as intrusion detection and anomaly detection mechanisms powered by threat intelligence, grammar rules, regular expressions, probability theory, and deductive, inductive, and abductive reasoning. Yet despite all this, the industry is still exposed to high profile data breaches and ransomware. What are we missing? That is the question. Perhaps the answer is that we may be solving the wrong problem.
We need to look closely at future threats
When it comes to cybersecurity for the Internet of Things (IoT), we need to examine not only where the problem is today, but also, more importantly, where it may manifest itself again tomorrow. The 5G network and the cloud at the edge are poised to radically change the game in our lives. What we are observing today is far beyond digital transformation and data brokers. Google is no longer a search engine, but APIs. Facebook is no longer about faces, but about data. Microsoft is no longer an operating system, but a cloud platform. Cars are no longer about miles per gallon, but about software-defined transportation. Factories are no longer about automation for production at scale, but about artificial intelligence (AI) and machine learning (ML) for robotization. Data centers are no longer about clouds of big data, but about edge computing and software-defined storage in the fog.
Learning to Protect Yourself
What we are observing is the power of transformation. From the Stone Age, through the Middle Ages, the Modern Age, the Digital Age, to the Data Age, the global economy has evolved to the digital platform of data as the fuel that drives intelligence. Intelligence can turn knowledge into tools to be creative, or knowledge into weapons to be destructive. To begin to solve our cybersecurity challenges, we can collect intelligence from devices for use as a self-defense tool for cyber protection. Similarly, we can turn device lifecycle management into protection lifecycle management. And finally, we can improve data privacy and integrity to establish data reliability and prevent weaponization.
Tectonic plates are moving in cyberspace. The future of things is in the things of the future. Things are no longer connected simply by wires and protocols, but by waves (5G) and APIs. These things of the future are devices with north, south, east, and west connectivity, requiring a frictionless, perimeter-free operating surface. take, for example, the Ashoka Stupa, which contains a fascinating lesson in the life cycle of protection, proving that remarkable solutions are possible with ingenuity.
The Ashoka Stupa, a 7-meter-long pillar on the outskirts of Delhi, India, was built 1,600 years ago and is made of iron that has not rusted. It is 98% iron and the remaining 2% is composed of lead, brass, bell metal (copper and tin) and phosphorus from wood blast furnaces (instead of modern limestone blast furnaces). It rusts in the first phase with water and air (ferrous oxide FE-O); however, a chemical reaction between the metal and the first phase creates misawite to form a ferrous oxide hydroxide (FeOOH), which forms a passive “self-defense protection” layer.
We need to look closely at future threats
When it comes to cybersecurity for the Internet of Things (IoT), we need to examine not only where the problem is today, but also, more importantly, where it may manifest itself again tomorrow. The 5G network and the cloud at the edge. Sometimes protecting is more important than detecting
Traditional information technology cybersecurity rules identify indicators of compromise on a hacked device – like a forensic science. Forensic science is the discipline in which professionals use scientific means to analyze physical evidence of crimes. Life science is the study of life and living things. A paradigm shift is needed to enable data science to reach new heights and goals for a safer digital planet.
The new IoT cyber protection paradigm must use artificial intelligence with device intelligence – like a life science. As we transition from old security models, cyber strategies will necessarily shift from reactive methods, such as detection, forensics, and forensic science, to proactive methods, such as protection (vaccination), self-defense (immunity), and a life science approach to cybersecurity.
Cybersecurity as a service is the enabler for protecting IoT platforms in the age of digital transformation. Don’t ask if the device is compromised; ask if the device has protection. Change the rules. Protecting emerging IoT devices and edge clouds is an endless game and it’s just beginning.
*** Translated by the DEFCONPress Team ***