Connected devices to bring greater risk in 2021

In 2020 organisations in all industries across the globe changed forever. These changes will alter the risk surface for every organisation in 2021 and beyond, forcing them to adopt new technologies and security strategies to keep pace, according to Forescout.

While the benefits of connected devices such as IT, operational technology (OT), Internet of Things (IoT), Industrial Internet of Things (IIoT) and the Internet of Medical Things (IoMT) can’t be denied, they are also creating additional challenges from a security point of view because they have vulnerabilities in their underlying TCP/IP stacks. These are the basic connectivity software components used in every connected device. While a vulnerability in a single device will only affect that device, vulnerabilities in the TCP/IP stack can affect thousands or even millions of devices across many vendors and manufacturers.

“Organisations will be attacked through these devices in 2021,” said Rohan Langdon, country manager, Australia, New Zealand and Japan, Forescout. “These attacks will potentially prevent organisations in the healthcare industry, for example, deliver patient care at a critical time. The risk of an attack will continue to rise as more devices are added to networks. What’s more, supply chain vulnerabilities will force organisations to rethink their cybersecurity strategies entirely and adopt segmentation and zero trust principles, as maintaining good cybersecurity hygiene with patching IoT and OT devices becomes difficult or impossible.

“While 2020 saw the revelation of the weakness of these underlying TCP/IP stack components with disclosures like Ripple20, 2021 is the year these vulnerabilities will be exploited.”

Landon has made four key cybersecurity predictions for 2021.

1. Increasing supply chain automation

In 2020, the pandemic took a toll on supply chain systems, leaving people without toilet paper, cleaning products and other essential items. As a result, 2021 will drive a new wave of investment in automation technology. A side effect of an increasingly automated supply chain will be that organisations will have to think about how they also apply automation to cybersecurity to ensure these new systems are protected. While it may not yet be a deciding factor in what automation technology is chosen, cybersecurity will have to be a key piece of the overall automation strategy for organisations in every industry.

In addition, the need to adapt security strategies for supply chain systems will come to a critical juncture in 2021 as the world moves to manufacture and distribute vaccines for COVID-19. This process will require many components and critical infrastructure systems to be safely and securely operating across factories, manufacturing, pharmaceuticals, distribution and health care.

2. TCP/IP stack vulnerabilities

In 2020, there were disclosures of supply chain vulnerabilities in the underlying TCP/IP stacks, which is the widely used commodity software and hardware underlying many IoT, IT and OT devices. These vulnerabilities are far-reaching, with a single flaw exposing many devices across many manufacturers and showed the underlying foundation of millions of connected devices around the world is inherently insecure. In 2021, we will see at least one attack leveraging this new category of vulnerabilities, highlighting the fact that there needs to be increased visibility into what components make up each connected device inside an organisation, as well as risk mitigation strategies to account for a growing number of vulnerable devices.

3. Increasing 5G adoption

As the technology matures, 5G-connected devices will see increased adoption across organisations in every industry. While 5G is marketed towards consumers because of the high speed that will be delivered for mobile phone use, many features of 5G promise significant technological advancements for corporate networks. As a result, organisations everywhere will begin to have 5G-connected devices in 2021. This is one of the many steps that will propel us into the next generation of networking, with next-generation technologies replacing local area networks and wide area networks and becoming the new version of Wi-Fi.

4. Remote working

As remote work extends from being a temporary solution to the pandemic to one that companies embrace long-term, the implications of the new work-from-anywhere world will become clear. Home networks contain dozens of connected devices, from Wi-Fi coffee pots to personal laptops and tablets, to video baby monitors. As the perimeter of the office stretches to also include the home, we will see attackers begin to leverage weak consumer devices for enterprise attacks.

Organisations will need to determine how they will adapt to this new world, now that it has become clear that working remotely is not only possible for many but, in some cases, preferred. This means that zero trust capabilities will be more important than ever as corporate laptops connect to home, coffee shop and hotel networks around the world, mingling corporate devices with riskier ones that are no longer controlled by enterprise cybersecurity teams.

Appropriate strategies needed

“2020 made clear that it is almost impossible to accurately predict what the future will look like,” Langdon said. “Despite this, some things are most certainly predictable. Cybersecurity threats are on the rise, with attackers looking for new entry points for attack and high-target areas to cause maximum impact. Cybersecurity teams and leaders must be prepared with the appropriate strategies and technologies to address this in 2021, and beyond.”

Image: ©stock.adobe.com/au/EtiAmmos