#teissLondon2018, the biggest and most comprehensive cyber security summit will take place at ILEC in London on February 20 & 21. One of the presentations during the course of the summit is titled ‘On the internet, nobody knows you are a fridge’, delivered by Paul Heffernan, ex-ethical hacker and Group CISO for Unipart Group of Companies.
During the presentation, Heffernan will be trying to get across to the audience that although many businesses are embracing IoT for the opportunity to get work done faster, cheaper and to have a competitive advantage, there is increasing concern that it could introduce unknown risks to a business. Cyber security is already a very complex area for businesses so the introduction of IoT to the mix ends up adding another dimension to the risk.
The presentation will be used to further illustrate what’s happened in the world of cyber security in the past year (Wannacry, Petya, NotPetya) and what it means going forward. The presentation will also attempt to see how the status quo changes when IoT is added to the mix, and what types of attacks can be expected in the future.
Using tools available on the internet, Heffernan found mechanisms and entire systems that were open to exploitation due to a lack of proper security. This included wind turbines, manufacturing system and food production plants. Via his presentation, Heffernan wants to illustrate the fact that more needs to be done about IoT security and that businesses need to be thinking about when they want to start putting security in the heart of IoT, as it will help them generate trust in their own their products.
The way that businesses can make sure that the right amount of importance is being placed on cyber security is by focusing on a few things:
1) People understand the importance of having basics in place and yet there is a tendency within the cyber security industry to sell complex solutions. Cutting edge technology is great for protecting businesses but the focus has to be readjusted so that organisations refocus on getting business basics in place.
2) Think about standards and the use of standardisation. If we look at other industries, like health and safety- that industry already knows what needs to be done to stop people from having accidents but it isn’t the same in cyber security. Industry-wide standardisations like ISO-27001 can be applied to improve the basics that are in place.
3) Thinking about how we use standards and basics in things like machine learning, 3D printing and AI to create trust. It is trust then that can then lead a business to have competitive advantage, especially because today’s customers are very savvy. In our everyday lives, we bank with companies, or buy from them not just because they are the cheapest but also based on how well they treat their customers and also how good they are at protecting our data!
IoT affords the cyber security industry a great opportunity to be pioneers with regards to innovation, trust and security. It is time for security to become part of infrastructure in a way that it is built from bottom up and is in the heart of what we do.
Heffernan was one of the first ethical hackers in the UK, and his presentation is perfect for those who wish to:
1) See real-world examples of what IoT security should be like and how it can be built;
2) get pragmatic tips that can help them and their organisations, in their bid to not suffer breaches.
Paul is the Group CISO for Unipart Group of Companies. With nine years’ experience in the cyber security world, including consulting to some of the world’s biggest brands and he engages with the business at board level to enable trusted secure commerce. With an ‘ethical hacker’ background, he is able to address complex security challenges but is equally passionate about driving effective change through unambiguous leadership and communication. Paul is a regular international speaker at various industry conferences such as the e-Crime Congress, CSO Amsterdam 2017 and CISO360 Barcelona. When he isn’t keeping Unipart safe, you can find him tinkering with code and figuring out how to inspire the next generation of cyber security professionals. Paul is proud to have been recognised by the Cyber Security Awards as ‘Highly Commended’ CISO of the Year 2017.