In December 2015, hackers launched an attack on Ukraine’s electricity grid, leaving 250,000 people without power. Lack of refrigeration caused food to spoil, mobile communications were disrupted, and water and petrol supply shortages were experienced. Almost exactly a year later, as many Ukrainians were readying for Christmas, hackers struck again and parts of Kiev suffered a power outage lasting about an hour.
While the second incident was much less damaging, little more than an inconvenience, the different approaches the hackers took in the two attacks reveal something much more menacing.
The first outage was the result of the hackers gaining access to the utility’s systems and manually switching out circuit breakers. But the 2016 attack is said to have been caused by sophisticated malware that could automate large-scale power outages on grids around the world. It reveals just how fast hackers are advancing their capabilities.
Current security systems fall short
Already today, networks for service providers and critical infrastructure often get more than 10,000 cybersecurity alerts every day. Not all these will be security breaches. Many will be false alerts and duplicate information. Yet, the sheer number of alerts can overwhelm a company’s security team, leading to incidents not being followed up. Teams need better ways to automatically prioritize alerts to be able to focus on the most severe ones first.
With the number of IoT devices today standing at 10 billion and set to rise more than ten-fold in the coming years, it’s clear that conventional human-based security management is about to be overrun. There are simply too many devices to monitor and too many threats to deal with. The sheer diversity of the IoT, from simple sensors to sophisticated devices that connect to the network and with each other, adds further complications.
And even if a device is being monitored, it’s all too easy for conventional security systems to miss unwanted activity. For example, an IoT device may be performing its intended function, but still be leaking data undetected.
How can mounting cyberthreats be countered?
The answer is to replace today’s manually-intensive approaches with security management systems built on three pillars – security analytics, machine learning and automation.
Security analytics correlates data from across the network, devices and cloud layers to spot suspicious anomalies and provide insight into the nature of the threat, the associated business risk and recommended response. In our example of a device functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signalling. With machine learning, the effectiveness of such analytics would increase continuously.
Automation is essential. There is a global shortage of cybersecurity experts that is forecast to grow to around two million unfulfilled jobs by 2019. Furthermore, current approaches are inefficient, with up to 33% of incident response time spent on manual processes, leading to delays. Combined with alert fatigue and time wasted on false alerts, many security breaches can go undetected. Security automation that encompasses business processes, regulations and security policies will be essential to keep pace with the rapid rise in attacks that will inevitably accompany the growth in IoT. The traditional approach is largely based on manual processes without a centralized management system. This is still a reasonable approach for some organizations, but the increasing sophistication of attacks and growing regulatory complexity mean this will not be a tenable approach in the medium term.
An expanded security management solution with analytics, automation and reporting would support workflow management and automation, analytics and reporting. This would enable security operations teams to automate and prioritize activities and report data to inform better business decision making.
Recent attacks that have had a global impact are a warning call for users, corporations, and governments alike. Yet, with the kinds of security management systems described above, they could have been prevented. It’s time to act before further damage is caused.
Find out how to make your network and business safe
- Solution brief: Nokia NetGuard Security Management Center
- Video: Nokia NetGuard ACTIVE Security
- Webinar: Cybersecurity: Health Care Takes on a Growing Challenge
- Nokia Security solutions
Share your thoughts on this topic by replying below – or join the Twitter discussion with @nokianetworks using #security #IoT