11 June 2017

THE INTERNET OF THINGS (IoT) continues to gain a strong footing in the GCC across different sectors ranging from manufacturing and transportation to energy. The vulnerability of IoT to external cyber threats remains high in fact even higher than traditional IT a recent Booz Allen Hamilton report has highlighted.

The Booz Allen Hamilton IoT Field Guide also states that industries are moving to IoT at a pace that is far greater than the ability to secure it. Traditional IT systems are generally self-contained and easy to protect. IoT, on the other hand, connects systems with tens of thousands of sensors and other devices around the world, resulting in a much higher variety and volume of potential threat.

Saudi Arabia is looking to establish a $100 billion ‘Vision Fund’ that will be devoted to IoT and technological development. This underscores the substantial growth that is expected to occur in the Kingdom over the coming years. However, as connectivity increases so, too, does the potential damage from events like the Shamoon virus and the global ‘WannaCry’ ransomware attack.

Despite the exceptional efforts to remediate and protect systems after the 2012 Shamoon attack in the Kingdom, the virus resurfaced in January of this year, leaving three government agencies and four private sector companies offline for more than 48 hours. It is essential to build advanced security measures into the growth structure of traditional IT as well as IoT frameworks in order to contend within the dynamic cyber threat landscape.

Companies can probably save money by building IoT systems with less-than-secure parts and materials. But if they get hacked, the financial cost of reputational harm including lawsuits, or regulatory penalties could make it much worse for them.

If organizations are to succeed with IoT security has to be deeply embedded in their DNA. This involves a close, careful, and systematic examination of all potential weak points.

Dr. Raymond Khoury, executive vice president and digital practice lead at Booz Allen Hamilton, MENA, said: “IoT is fast becoming a part of every industry and nearly every aspect of our everyday lives – from connected cars and smart buildings, to intelligent homes and even medical devices like pacemakers and insulin pumps.

“It is imperative that organizations visualize and understand the complex interconnections and intricacies of IoT to help identify where potential weaknesses and vulnerabilities lie so that adequate security efforts can be implemented in time. They need to understand that security cannot be an afterthought – it has to be part of everything you do with IoT.”

Booz Allen Hamilton has identified that organizations with the best IoT security are proactive they use real-time threat-assessment data and the latest advances in analytics to spot hidden IoT attacks. The IoT Field Guide includes a ‘Resource Prioritization Model’ that can help organizations mitigate and contain any risks. The model contains three elements the technical risk assessment, the potential impact of an attack on the business, and mitigation strategies. The comprehensive model ultimately empowers an organization’s leaders and stakeholders to make effective IoT security investment decisions.

The process of building the model makes sure that different teams understand their interdependent risks, technologies, and investments and it helps serve as a common platform for IoT security dialogue across the enterprise.

More importantly, the model is an inclusive process that involves stakeholders from across the organization, including human resources, security, IT, law and compliance, and vendor sourcing.

Once developed, the model becomes a living tool one that’s regularly evaluated, updated, and discussed as part of the organization’s broader security processes.

Danny Karam, vice president and digital life platform lead at Booz Allen Hamilton MENA, emphasizes: “It is not enough that organizations discuss cyber threats in the IoT context. They must formalize them into clear policies that everyone will follow. This involves considering the real cost, buying hardware from manufacturers that can help scale their IoT systems, ensuring that their software and hardware aren’t connected to their IoT systems unless they are secure and, finally, incorporating solid fundamental cyber security practices across all levels.”

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe.

In the Middle East and North Africa (MENA) region, Booz Allen builds on six decades of experience partnering with public and private sector clients to solve their most difficult challenges through a combination of business strategy, digital innovation, data analytics, cybersecurity and resilience, operations, supply chain, organization and culture, engineering and life-cycle project management expertise.

© The Saudi Gazette 2017