The Cybersecurity Skills Gap Is Widening: The Reasons Why May Surprise You

We live in a world where cybercriminals can penetrate an alarming 93% of company networks. In fact, this trend looks set to continue as we move further into 2022 and beyond. 

Simply put, the cyber threat landscape is becoming increasingly dangerous for organizations and individuals today. For example, cybercriminals are becoming more sophisticated in their methods, shadow IT is widening the corporate attack surface, and network administration errors and misconfigurations are common. At the same time, Crime-as-a-Service (CaaS), where experienced cybercriminals sell access to tools and knowledge needed to execute an attack, is skyrocketing in popularity. The result? More hackers and more successful cyber-attacks. 

We need to strengthen our cybersecurity arsenal if we want to turn this situation around and effectively safeguard corporate systems. And that starts with people – the cybersecurity professionals who find unique solutions to keep bad actors out. But unfortunately, the widening cybersecurity skills gap is making this extremely difficult. With this in mind, let’s look at the current state of the cybersecurity skills gap and what’s driving it. 

The Current State of the Cybersecurity Skills Gap

According to Fortinet’s 2022 Cybersecurity Skills Gap Report, the cybersecurity skills gap contributed to a whopping 80% of data breaches last year. And these breaches had dire consequences, with 64% of organizations saying they lost revenue or faced fines and 38% reporting that breaches cost them more than a million dollars. 

Companies need skilled cybersecurity professionals now more than ever, but finding and keeping this talent is becoming increasingly difficult. For example, the same report found that 60% of organizations struggle to recruit cybersecurity talent and 52% struggle to retain qualified people, despite 76% of organizations indicating their board of directors now recommends increasing cybersecurity headcount. 

In simple words, organizations urgently need to close the cybersecurity skills gap to tighten their network security and keep pace with nefarious actors, but the gap continues to widen. For example, according to another report, the global cybersecurity workforce will need to grow by 65% to defend organizations’ critical assets effectively. 

At the same time, we continue to make immense strides in technological innovation across industries. Technologies that once seemed like science fiction, such as artificial intelligence (AI), machine learning, and Internet of Things (IoT) devices, are now becoming commonplace. But while these technologies undoubtedly add enormous value, we’re not hiring and training the talent to ensure their security.

Perhaps the most puzzling aspect of this situation is precisely why the cybersecurity industry is struggling to attract and retain talent. On paper, cybersecurity appears to be an attractive job prospect for fledgling tech enthusiasts or even IT workers who might want to transition roles into areas like network engineering, cyber intelligence, or security analysis. 

The appeal for people entering the field should be strong job security, a wide variety of opportunities, the ability to make a real impact, and decent pay (the average salary for a cybersecurity engineer in the US is $101,548). And IT workers looking to transition into the role get much the same benefits but with a lower barrier to entry. For example, a coder is unlikely to struggle to wrap their head around firewall types, network access control, and authentication security protocols like 802.1X. 

And yet people aren’t jumping at the chance to work in cybersecurity. Moreover, nearly one-third of the cybersecurity workforce plans to leave the field in the near future. But why? 

Factors Driving the Cybersecurity Skills Gap

Various factors are at play in why the cybersecurity industry faces talent shortages and a widening skills gap. So, let’s get into them. 

An Increasingly Demanding Skill Set and Entry Requirements

Due to the severity of today’s cyber threat landscape, cybersecurity professionals need a massive range of skills, and the list is growing yearly. Organizations increasingly want workers to have strong computer science, network engineering, and other technical skills in addition to computer forensics skills, problem-solving skills, and more. 

And more often than not, one of the key prerequisites to enter the field is a formal degree and an advanced professional certification like CISSP (Certified Information Systems Security Professional).

But despite these requirements, getting cybersecurity skills while still in education is often challenging. For example, only 43% of the US’s top 50 computer science programs include security courses for undergraduates. In other words, we might be failing to attract budding IT professionals into cybersecurity before they choose their career paths. And when this next generation of IT workers opts for a different discipline, they find themselves without the needed certifications to transition into cybersecurity. 

Cybersecurity is Too Stressful

Sadly, stress is an industry epidemic in cybersecurity. Defending against advanced threats daily or even hourly can take a toll on mental health, which is reflected in the statistics. For example, according to Deep Instinct’s Voice of SecOps Report, 45% of C-suite and senior cybersecurity professionals have considered quitting the industry due to stress. And another study from the UK found that 42% of security leaders say they would be unlikely to recommend a job in cybersecurity due to the stress of the job.

A Thankless Job

Cybersecurity teams typically attract the most attention when something goes wrong (a successful breach). But, when they successfully defend the network, there’s silence. As a result, morale is often low in cybersecurity teams. If you’re going to be stressed, you should at least have your successes championed, right? Unfortunately, too many companies are failing to do this right now. 

Attitudes Toward Cybersecurity

Most companies recognize that network security and cybersecurity are essential in the modern world, but that doesn’t mean they have positive feelings toward them. Many high-ranking employees believe that cybersecurity stifles innovation or that cybersecurity teams are too heavy-handed regarding network access control. They don’t see all the attacks that cybersecurity teams prevent, so they assume the team is needlessly restricting their access to files and apps to exert power. 

Choosing a career in cybersecurity can seem unappealing if you’re anticipating being undervalued by your employer. 

Where Do We Go From Here?

Unfortunately, it’s never been easier to become a black hat hacker. Advanced hacking tools are easy to come by, and knowledge sharing for things like phishing attacks, whaling attacks, and corporate account takeovers is rife. But the barrier to entry for the other side – the good guys who want to protect corporate networks – is far higher. So companies that want to strengthen their network security need to take steps to overcome the cybersecurity skills gap and deploy advanced tools to help bridge the gap. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

The Power of Role-Based Access Control in Network Security

Determining the right network access control (NAC) security policy for your organization isn’t an easy task.

It’s often a balancing act between keeping your network secure and ensuring employees can access the systems they need to do their jobs.

Role-based access control (or RBAC) can be a good way of ensuring your network is protected. If you’ve been considering implementing RBAC in your organization but aren’t entirely sure of the benefits, this article will answer your questions.

What is role-based access control?

Role-based access control is a way of restricting access based on a user’s role within an organization. This means that users aren’t assigned permissions directly but are instead given roles that govern their levels of access. Depending on their job and responsibilities, a user may have one or more roles.

Let’s say, for example, you have a staff database on your network, which contains all your employees’ contact details and contractual information.

Everyone in the organization may have access to edit their own personal details. Managers may have access to edit their team’s information, but no one else’s. Your HR team may have full access to the database to view and edit everyone’s data.

RBAC works on the Principle of Least Privilege (PoLP). This means users have the minimal level of access needed to carry out their job.

RBAC isn’t the only access control method available. There are other options you can consider, like attribute-based access control (ABAC), policy-based access control (PBAC) and access control lists (ACL). However, role-based access control is one of the most effective ways of not only keeping networks secure but improving organizational efficiency.

A study by NIST has shown that role-based access control addresses most of the needs of government and commercial organizations.

Why is role-based access control so important when it comes to network security?

Networks are more susceptible to security breaches than ever before. People working from home and the introduction of BYOD policies mean more endpoints that can be compromised.

In fact, according to IBM, it’s estimated that data breaches in 2021 cost businesses an average of $4.24 million.

With this in mind, it’s essential to ensure networks stay safe. Here’s how role-based access control can provide security for businesses large and small.

I. It makes it easy to ensure networks are secure

Setting up permissions for networks is relatively straightforward. However, as people start, leave, and move around organizations, permissions can become less efficient. Users may end up with access to systems they no longer need.

RBAC means IT departments can effectively manage what access people have with a click of a button.

Let’s go back to the example of the staff database above and say that a new staff member has joined the HR team. Rather than setting access at a user level, you can add them into the ‘HR’ role so they can have full access to the system.

A few years later, let’s say the staff member moves into the sales team, meaning they no longer need full access to the staff database. Rather than changing every single point of access they have, it’s just a case of adding them into the ‘sales’ role instead.
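The staff-database scenario above (everyone edits their own record, managers edit their team’s, HR edits everything) and the joiner/mover/leaver handling can be expressed as a small RBAC engine. This is an added illustration, not Portnox code; the role names, scopes and the sample org (alice reports to bob, dana is in HR) are constructed for the example.

```python
"""Minimal role-based access control (RBAC) engine modelled on the staff-database
scenario: permissions attach to roles, users only hold roles, and the default is
deny (principle of least privilege). Joiner / mover / leaver events are handled by
changing roles, never by editing per-user permissions."""
from dataclasses import dataclass, field
from typing import Optional

# Role -> set of (action, scope). The scope says which records the action reaches:
# "self" = the actor's own record, "team" = the actor's direct reports, "all" = everyone.
ROLE_PERMISSIONS = {
    "employee": {("view", "self"), ("edit", "self")},
    "manager": {("view", "team"), ("edit", "team")},
    "hr": {("view", "all"), ("edit", "all")},
    "sales": set(),  # no rights on the staff database at all
}


@dataclass
class Employee:
    uid: str
    manager: Optional[str] = None  # uid of the direct manager, if any
    roles: set = field(default_factory=lambda: {"employee"})  # everyone starts as "employee"


class StaffDirectory:
    """Holds the records and answers 'may actor perform action on target?'"""

    def __init__(self, employees):
        self.people = {e.uid: e for e in employees}

    # --- joiner / mover / leaver ------------------------------------------------
    def assign_role(self, uid, role):
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        self.people[uid].roles.add(role)

    def revoke_role(self, uid, role):
        self.people[uid].roles.discard(role)

    def move(self, uid, old_role, new_role):
        """Mover: swap one role for another; nothing is edited per user."""
        self.revoke_role(uid, old_role)
        self.assign_role(uid, new_role)

    def offboard(self, uid):
        """Leaver: removing the record removes every role in one step."""
        self.people.pop(uid, None)

    # --- authorization ------------------------------------------------------------
    def _scope_matches(self, actor, scope, target):
        if scope == "all":
            return True
        if scope == "self":
            return actor.uid == target.uid
        if scope == "team":
            return target.manager == actor.uid
        return False

    def authorize(self, actor_uid, action, target_uid):
        actor = self.people.get(actor_uid)
        target = self.people.get(target_uid)
        if actor is None or target is None:
            return False  # unknown actor or record: deny
        for role in actor.roles:
            for perm_action, scope in ROLE_PERMISSIONS.get(role, ()):
                if perm_action == action and self._scope_matches(actor, scope, target):
                    return True
        return False  # no role grants it: deny by default


def build_demo_directory():
    """Constructed sample org: bob manages alice, dana is in HR, carol reports to no one."""
    directory = StaffDirectory([
        Employee("alice", manager="bob"),
        Employee("bob"),
        Employee("carol"),
        Employee("dana"),
    ])
    directory.assign_role("bob", "manager")  # joiner events: roles, not permissions
    directory.assign_role("dana", "hr")
    return directory


if __name__ == "__main__":
    d = build_demo_directory()
    print("alice edits own record:", d.authorize("alice", "edit", "alice"))         # True
    print("alice edits bob's record:", d.authorize("alice", "edit", "bob"))         # False
    print("bob (manager) edits alice:", d.authorize("bob", "edit", "alice"))        # True
    print("bob edits carol (not his report):", d.authorize("bob", "edit", "carol"))  # False
    print("dana (HR) edits carol:", d.authorize("dana", "edit", "carol"))           # True
    d.move("dana", "hr", "sales")  # mover event: HR rights vanish with the role
    print("dana in sales edits carol:", d.authorize("dana", "edit", "carol"))       # False
    d.offboard("alice")  # leaver event
    print("alice after offboarding:", d.authorize("alice", "edit", "alice"))        # False
```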

II. It reduces the attack surface

It’s estimated that one in four data breaches result from human error. With RBAC, if a member of staff causes an accidental (or intentional) data breach, there will be less impact.

Let’s say someone is a victim of a phishing attempt, and a hacker obtains their login details. The hacker will only be able to access the information that the member of staff has through the roles they have been allocated.

This means even if a data breach occurs, most of your information will still be safe.

III. It eliminates the risk of ‘insider threats’

Disgruntled employees can often try and settle the score by leaking confidential data or deleting important information. Earlier this year, an IT technician in the UK was jailed for 21 months for wiping data from the school he was formerly employed at after being fired.

As role-based access control gives just enough access to ensure staff can carry out their jobs, it minimizes the risk of users causing intentional harm to your networks.

Similarly, if you work with any third parties, you can use RBAC to assign them pre-defined roles and limit what they can view or edit. Once you stop working with them, you can quickly remove their permissions.

IV. It can quickly scale and adapt

As RBAC deals with overarching roles rather than individual permissions, it can grow as an organization’s IT requirements do.

Let’s say you acquire a new application for your organization. Role-based access control makes it easy to create new permissions as well as set different levels of permissions quickly. As a result, you can ensure any new hardware or software stays secure and that the right people have access.

V. It can ensure you stay compliant

Some industries, like healthcare and financial services, are heavily regulated and have stringent compliance regulations in place. For example, the Health Insurance Portability and Accountability Act (HIPAA) states that only certain people should be allowed access to specific systems.

Role-based access controls can ensure that organizations in these industries do what is required of them, minimizing the risk of security breaches as well as fines for willful violations of the law.

How Portnox can help with your RBAC requirements

Role-based access control can be an extremely efficient way of ensuring network security and can be as top-level or granular as your organization demands. The key is developing a solid strategy before creating and assigning roles.

Which parts of your network need access control, which departments need permissions, and how will you assign people to the right roles?

If you need extra support keeping your network safe, Portnox is here to provide you with peace of mind. Our NAC security solutions come with role-based authentication and access policies to ensure the right people can access your network at the right time.

Contact our team today to find out more.


Cloud-Native TACACS+: Modern Network Device Administration

What is TACACS+?

TACACS+ is a remote authentication protocol that allows a remote access server to communicate with an authentication server in order to validate a user’s access to a network device such as a wireless access point or wired switch (i.e. network device administration).

Cloud-Native TACACS+ by Portnox

Portnox TACACS+-as-a-Service is the first and only cloud-native solution for network device administration – authentication, authorization, and accounting (AAA). TACACS+ by Portnox enables organizations to maintain transparent and secure administration of network devices by centralizing user authentication, access control policy enforcement, activity audit trails, and more – all from the cloud.

Authentication for Network Devices

Strengthen network device administration and improve organizational efficiency by authenticating users via OpenLDAP or Active Directory integration. Portnox supports Azure AD, Google Workspace, Microsoft AD, and OKTA.

Authorization & Access Control

Easily enforce network device access control policies that limit configuration changes to maintain administrative security. Dictate privilege levels, allowed services, the use of specific autocommands, custom attributes, and more.

Audit Trails & Accounting

Track user activity and attributes across network devices such as identities, start and stop times, executed commands, packet transfers, and much more to help maintain administrative transparency and streamline security audits.

Key TACACS+ Features from Portnox

System Architecture: Cloud-native; MS Azure-hosted; No upgrades; No patches; Hardware agnostic
Authentication Methods: Azure AD; Google Workspace; Microsoft AD; OKTA; OpenLDAP
Authorization Policies: Privilege levels; Session timeout value; Autocommands; Allowed services; Custom attributes
Accounting Records: User identities; Start / stop times; Executed commands; Packet transfers; US-ASCII strings
Integrations: SIEM; Active Directory; RESTful API
…and more

Network Device Administration with Portnox


Leveraging Machine Learning for Behavior-Based Access Control

Enterprises today need to be able to interact dynamically and share information with the right people at the right time. As a result, organizations continually add more interconnected systems to their network to allow information to be readily accessible to those that need it.

However, while this interconnectedness is crucial for modern businesses to thrive, it also leaves them vulnerable to cyberattacks. And as enterprise environments become more complex, it’s becoming clear that traditional approaches to access control and threat monitoring simply aren’t sufficient in an increasingly severe cyber threat landscape. But some leading cybersecurity researchers think there could be a better way – Behavior-Based Access Control (BBAC).

What Is Behavior-Based Access Control (BBAC)?

In simple words, Behavior-Based Access Control is a way of analyzing actor behavior and assessing the trustworthiness of information in real-time using machine learning algorithms. But before we can truly understand BBAC, we first have to understand how enterprises tackle these issues today.

The Current State of Access Control

Companies currently use a combination of different technologies and methodologies to monitor their systems and grant access to information.

The way we approach access control has evolved considerably over time and now includes methods like role-based (RBAC), team-based (TMAC), attribute-based (ABAC), context-based (CBAC), and Situation-Based (SitBAC) access control, among others. But while these approaches do a decent job of locking down information to authorized users, they’re not without drawbacks.

Crucially, most current access control methods are grounded in static policies governed by access control rules. And this presents some significant security risks. For example, what happens if a bad actor steals an access card? Or if an insider performs illegitimate actions within their privilege realm? With traditional access control methods, bad actors can potentially go undetected for a considerable amount of time, exfiltrating data or wreaking havoc on the network.

Misuse of information should be a top priority for any modern enterprise. Still, the situation becomes especially serious for companies that deal with highly sensitive data, like those in the healthcare, finance, and government sectors. And companies in these sectors (or sufficiently large companies in any industry) are increasingly moving towards large-scale distributed systems, where various components are spread across multiple computers on a network. But these systems are often as complex as they are large. As a result, managing access control at scale quickly becomes unmanageable, and errors often slip through the net.

The Current State of Threat Monitoring

On the monitoring side, companies leverage technologies like the Snort or Bro network intrusion detection systems (NIDS) or host-based intrusion detection systems (HIDS). And while these cybersecurity monitoring systems help safeguard corporate systems, they have several limitations. Namely, these types of solutions are typically signature-based and narrowly focused on specific parts of the overall system. Signature-based monitoring can’t account for sophisticated attacks, like zero-day attacks, whose signatures are not yet known.

Lastly, while companies today often collect vast amounts of useful security data, such as server logs, they don’t analyze this data in real-time. Instead, this data is used for offline forensics, potentially days, weeks, or even months after a security event. By this time, attackers have likely already completed their nefarious activities and are long gone.

How BBAC Works

BBAC leverages machine learning to dynamically analyze actors’ intent and assess the trustworthiness of information within the system. But how?

BBAC combines rule-based behavior signatures with statistical learning methods to create a more robust and flexible way of assigning and managing trust. So, for example, BBAC can analyze patterns in the network and adjust access over time and as needed. It can also respond to potential security events in real-time. For example, the machine learning algorithm can create a baseline for expected user behavior by using historical and real-time data. Anything that falls outside of this could be considered suspicious and warrant immediate action, either manually or through automation.

This is contrary to how isolated traditional rule-based systems work, whereby once an actor gains access, they can essentially operate with impunity within their access rights.

The idea here is that BBAC can diminish the risk of misplaced trust and deter the abuse of authorized privileges by continuously monitoring behavior. It analyzes observable behaviors on several different layers in real-time to check for intricate patterns that would otherwise go unnoticed. And by employing this type of sophisticated analysis, IT teams eliminate the need for draconian deny rules at specific layers in the system.

At the same time, user-based BBAC can help alleviate some of the problems companies face when defining access. For example, let’s say a particular policy is set up to deny access to specific files if a user isn’t in an approved location. The machine learning model might detect that users continually request this type of access and alert the security team. Armed with this information, businesses can adjust their policies to allow more flexibility within certain contexts.

The Nuts & Bolts of BBAC

So, what’s actually going on here? How does this machine learning thing really work? Machine learning is all about getting computers to “learn” and make decisions without explicit instructions. And for a machine-learning algorithm to learn, it needs to process vast amounts of data.

For BBAC, the significant data comes in the form of network flow information (TCP and UDP), higher-level protocols like HTTP, XMPP, and SMTP, audit records (like those produced by web and DNS servers), and application-level content like PDF documents or email and chat messages.

So, that’s the data that feeds the model, but what about the model itself? BBAC models are still in their infancy, but current examples use a combination of supervised and unsupervised machine learning to achieve full BBAC functionality.

Supervised learning leverages labeled datasets designed to train or supervise the algorithm in classifying data and accurately predicting outcomes. So, for example, the algorithm becomes competent at separating data into specific categories, like expected network traffic and unexpected network traffic. This is called classification. Regression, another supervised learning method, can also be used to understand the relationship between dependent and independent variables, which can be useful for predicting outcomes using numerical data.

By contrast, unsupervised learning uses unlabeled datasets and allows the algorithm to discover hidden patterns without human intervention.
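A toy version of the mechanism described above: a per-user baseline learned from historical audit records (working hours and data volume), combined with the rule-based location policy mentioned earlier, to flag live records for review rather than silently allowing anything inside an actor’s privilege realm. This is an added example, not code from any BBAC research or product; the audit-record fields, approved locations, history and the z-score threshold are constructed assumptions.

```python
"""Toy behavior-based access control (BBAC) scorer: learn each user's normal from
historical audit records, then check live records with a rule-based signature
(approved locations) plus a statistical baseline (working hours, data volume)."""
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditRecord:
    user: str
    hour: int        # local hour the access happened (0-23)
    bytes_out: int   # bytes the user pulled out of the system in this session
    location: str    # network location the request came from


# Rule-based signature: the policy from the text that denies access from unapproved sites.
APPROVED_LOCATIONS = {"hq", "vpn"}

# Constructed history for one user: office hours, roughly 1 MB per session.
HISTORY = [
    AuditRecord("alice", hour, vol, "hq")
    for hour, vol in [(9, 1_200_000), (10, 900_000), (11, 1_500_000), (13, 1_100_000),
                      (14, 1_300_000), (16, 800_000), (17, 1_000_000), (9, 1_250_000)]
]


def build_baseline(records):
    """Per-user profile: usual hour window and mean/std of bytes transferred."""
    by_user = {}
    for r in records:
        by_user.setdefault(r.user, []).append(r)
    baseline = {}
    for user, recs in by_user.items():
        hours = [r.hour for r in recs]
        vols = [r.bytes_out for r in recs]
        baseline[user] = {
            "hour_window": (min(hours) - 1, max(hours) + 1),  # one hour of slack each side
            "vol_mean": statistics.mean(vols),
            "vol_std": statistics.pstdev(vols) or 1.0,       # avoid division by zero
        }
    return baseline


def volume_zscore(record, profile):
    """How many standard deviations this session's volume sits above the user's mean."""
    return (record.bytes_out - profile["vol_mean"]) / profile["vol_std"]


def score(record, baseline, z_threshold=3.0):
    """Return the reasons this record looks abnormal (empty list = consistent with baseline)."""
    reasons = []
    if record.location not in APPROVED_LOCATIONS:
        reasons.append("unapproved_location")      # rule-based signature
    profile = baseline.get(record.user)
    if profile is None:
        reasons.append("no_baseline")              # never seen this user: a human must look
        return reasons
    low, high = profile["hour_window"]
    if not low <= record.hour <= high:
        reasons.append("unusual_hour")             # statistical: outside learned hours
    if volume_zscore(record, profile) > z_threshold:
        reasons.append("excessive_volume")         # statistical: far above learned volume
    return reasons


def triage(live_records, baseline):
    """Split a batch of live records into (allowed, flagged-for-review) lists."""
    allowed, flagged = [], []
    for r in live_records:
        reasons = score(r, baseline)
        (flagged if reasons else allowed).append((r, reasons))
    return allowed, flagged


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    live = [
        AuditRecord("alice", 10, 1_400_000, "hq"),        # within baseline
        AuditRecord("alice", 3, 5_000_000, "cafe-wifi"),  # off-hours bulk pull from outside
        AuditRecord("mallory", 11, 100_000, "hq"),        # user with no history
    ]
    ok, review = triage(live, base)
    for r, reasons in review:
        print(f"review {r.user} hour={r.hour} bytes={r.bytes_out}: {reasons}")
```

Whether a flagged record is denied outright or only escalated is the policy decision the text leaves to the security team; the scorer only produces the reasons.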

Wrapping Up

Behavior-based access control has enormous potential to make enterprise environments more secure, flexible, and responsive. And as we progress through the 2020s, we expect to see more research in this area and likely adoption of this technology by reputable firms. The Department of Defense is actively interested in BBAC, so that should tell you something about where this approach is heading!


3 Years On, Has SASE Lived Up to the Hype?

First coined by research firm Gartner in 2019, SASE has become a hot topic in the IT industry in just a few short years. Undoubtedly accelerated by the COVID-19 pandemic, SASE has captured the attention of IT professionals in the network and security landscape as they prepare for an increasingly cloud-centric way of working. 

However, with so much hype surrounding SASE, many people wonder whether it lives up to its promise to future-proof corporate networks. Or, in other words, is the hype actually overhype? And does SASE deliver the simplified but secure networking reality we’ve all been waiting for? Let’s get into it. 

What is SASE?

Secure access service edge (SASE) is a framework for network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions to securely connect users, systems, and endpoints to applications and services anywhere. 

It converges network security solutions like secure web gateways (SWG), cloud access security brokers (CASB), firewall as a service (FWaaS), and zero-trust network access (ZTNA) with SD-WAN to create a unified, cloud-native service. But why has it garnered so much attention?

What Problems Does SASE Promise to Address?

In the past, companies would implement network access with siloed point solutions that were often complex, costly, and difficult to manage. This hurt IT agility and prevented enterprises from scaling their networks effectively and securely. And this issue has only become more challenging as companies shift from on-premises to the cloud. 

SASE offers a solution to these problems and more. It promises to simplify network security in the cloud, improve efficiency and security, and reduce costs. For example, with SASE, organizations can fine-tune network access control (NAC) and secure seamless access for users, achieve real-time application optimization, apply consistent security policies, enable more remote and mobile access, and more. 

In simple words, SASE promises a way to future-proof your business. If you suddenly experience a surge in traffic or decide it’s time to expand into other regions, you can rely on SASE to keep up. Because it’s a cloud-based distributed service, you can add or remove capabilities as needed and ready your network at breakneck speed, all without purchasing additional software and managing new contracts. 

Why SASE Is Failing To Live Up to the Hype

Despite the many promises SASE offers, many companies are struggling to realize these benefits for several reasons. Successfully adopting and implementing SASE presents many challenges for organizations. And at the same time, many security vendors don’t yet have the skills or experience with SASE to deliver on its promises. Or in other words, SASE can work brilliantly when done well, but more often than not, this isn’t happening. 

The Hurdles to SASE Realization

A Paradigm Shift

Some people argue that SASE is nothing new but rather a consolidation of various security tools already in existence. While this statement has some truth, SASE requires a paradigm shift in organizational mindset: it moves security from a site-centric model to a user-centric, context-based approach. This means security teams have to rethink how they view the network. 

Additionally, consolidating these tools under a unified solution means companies need to break down silos between networking and security teams. These teams need to collaborate, and as a result, roles may need to be more flexible. 

When organizations fail to embrace these changes, they don’t realize the true potential of SASE. 

A Confusing Vendor Ecosystem

Security vendors are all too aware of SASE’s hype and leverage this with non-stop marketing. Unfortunately, this can leave many companies confused about the tools and methodologies they need to help their business stay competitive. 

And even when an organization decides on a specific set of tools to adopt, it’s not as simple as choosing a vendor that offers these tools. The organization also needs to look closely at its existing tech stack for duplicative capabilities. Failing to do this can lead to tool sprawl – where unnecessary purchasing of new IT tools leads to redundancy, wasteful spending, and increased system complexity. 

And then there’s the risk of vendor lock-in. Adopting SASE is an excellent way for companies undergoing cloud transformation to simplify the security process and cover many compliance requirements. However, companies also have to accept that they’re getting all capabilities from one supplier and that this comes with a cost. If the chosen SASE product becomes outdated, switching to a new one might not be straightforward. 

A Young SASE Market

Legacy hardware vendors are increasingly offering SASE architectures to meet current demand. However, given their lack of expertise, these vendors might not be the best option. For example, they could lack the cloud-native mindset needed to bring the SASE architecture to life, resulting in cost and performance problems. Traditional vendors also often lack experience in evaluating context, a core principle of SASE, which limits their ability to make context-aware decisions. And lastly, some solutions might come up short because the providers only have experience in either networking or security, but not both. 

The Future of SASE

There’s no doubt that as the current IT landscape continues to mature, there will be an increased need for simplified network and security management. And we see this reflected in attitudes toward SASE. For example, Gartner predicts that by 2025, 60% of all enterprises will have clear strategies to adopt SASE. 

But how quickly SASE will become the new norm is still up for debate. Today, many companies are shifting a significant proportion of their environment to the cloud and outsourcing SD-WAN management. At the same time, they’re choosing to maintain control over their security services internally. As a result, these companies may not be in a rush to move to the SASE approach because their current setup works well enough. 

We could also see SASE adoption massively boosted if the major cloud suppliers decide to incorporate SASE services in their licensing models. Still, we’ll have to wait to see if this becomes a reality. 

As it stands today, the future of SASE looks promising, but it’s not set in stone. 

Wrapping Up

SASE is a powerful concept, but it’s still in its infancy. This means organizations and vendors are still ironing out the issues that come with new technologies. And where there’s new tech, there’s always resistance. However, resistance isn’t always a bad thing – modern cybersecurity encourages us to do away with implicit trust and be cautious and deliberate in our actions.

Network security should be taken seriously, but that doesn’t mean it needs to be hard work. This is where Portnox comes in. We offer robust and affordable cloud-native network access control (NAC) solutions for companies of any size. Get in touch to learn how we can future-proof your network. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Security Deepfakes Are on the Rise: What This Means for Corporate IT Security

In early 2020, a Hong Kong bank manager received a call from a company director asking him to authorize transfers to the tune of $35 million. Recognizing the director’s voice and being convinced of the reason for the transfer (an upcoming acquisition), he began moving the money. However, this request was entirely fraudulent – the bank manager had never spoken to the director. Instead, he was duped by a worrying new technology dubbed “deep voice”, a subset of deepfake technology.

Cybercriminals are increasingly leveraging security deepfakes to facilitate business email compromise (BEC) fraud and to bypass multi-factor authentication (MFA) protocols and know your customer (KYC) ID verification. And as deepfake technology becomes more sophisticated and accessible, this trend will only continue. For example, only last year, the FBI warned that malicious actors would undoubtedly leverage “synthetic content,” like deepfakes, for cyber operations over the next 18 months.

But just how do bad actors leverage deepfakes? And what does this mean for corporate IT security? Let’s get into it. 

Security Deepfakes, Explained

Deepfakes use artificial intelligence and machine learning to create compelling images, videos, and audio hoaxes. They are a type of synthetic (computer-generated) media and can be so convincing at mimicking a real person that they can fool both people and algorithms. 

Here, the specific technologies at play are deep learning and generative adversarial networks (GANs). In simple words, this means that two neural networks (computing systems inspired by how the human brain works) compete against each other to create increasingly convincing media. The goal of neural network A (the generator) is to produce an image that neural network B (the discriminator) cannot distinguish from its training data, and the goal of neural network B is not to be fooled in this way. The result? Scarily convincing generated images. 

The introduction of GANs has significantly advanced deepfakes, but other prominent technologies are also contributing to deepfakes’ rise – 5G and cloud computing. These technologies allow video streams to be manipulated in real-time, opening the doors for live-streaming and video conferencing fraud. 

How Security Deepfakes Bypass Cybersecurity Controls

Defending corporate networks in a world where high-profile data breaches are a daily occurrence is no easy task. Organizations today rely on robust IT security protocols and tools, including AI-driven network security, stringent network access controls, zero trust principles, and more. However, while companies work hard to strengthen their IT security, cybercriminals work hard to find a way around it. It’s a game of constant cat and mouse. 

Deepfakes are particularly concerning because they can dramatically increase the effectiveness of phishing and BEC attacks – something that organizations are already struggling to combat. For example, according to Cisco’s 2021 Cybersecurity Threat Trends report, around 90% of data breaches occur due to phishing.

Deepfake Phishing Attacks

Much of the security threat around deepfake phishing revolves around their use in business email compromise attacks. Why? Because BEC attacks are the highest-grossing form of all phishing attacks for cybercriminals.

In a business email compromise attack, cybercriminals send convincing-looking emails attempting to trick a targeted employee into releasing funds or revealing sensitive information. And unlike in traditional phishing attacks, these emails aren’t sent out indiscriminately – they are specifically crafted to appeal to specific individuals. 

These types of attacks rely on trust and urgency. For example, when you get a request from your boss asking you to transfer funds, you trust that it’s a legitimate request, and you feel compelled to act quickly to avoid disappointing them. Cybercriminals love when people act quickly because it leaves less room for doubt and critical thinking, and they use several tactics to try and ramp up the urgency in their messages. 

But security deepfakes work by targeting the other component – trust. A voicemail or video message from a senior ranking employee is even more convincing than a carefully crafted email. And deepfakes still seem in the realm of science fiction for many people. Most employees won’t stop to think that a cybercriminal has trained an algorithm on audio recordings of their boss freely available online.

The rise of hybrid and distributed workforces is also contributing to the success of this type of attack. It’s no longer unusual for employees to receive high-impact requests without speaking to someone face to face. 

Remote Identification Verification

Security deepfakes are becoming increasingly successful at bypassing remote identification verification checks. For example, recent academic research found that deepfakes are around five times better at spoofing verification solutions than traditional methods like 3D masks and printed photos.  

Know-Your-Customer (KYC) verification checks, where companies often use video or images to check customers are who they claim to be, are also highly vulnerable to deepfakes. Unlike with a sophisticated BEC attack, cybercriminals only need minimal source material to conduct a face swap that can fool biometric identification systems. 

Combating Security Deepfakes

Unfortunately, deepfake technology is advancing faster than the systems we use to detect it. Current detection relies mainly on algorithms that look for abnormalities in skin, eyes, and hair, background discrepancies, and unusual pixel compositions. However, cybercriminals are also becoming increasingly adept at evading these detections.

So what does this mean going forward? First, we could see AI utilized to combat deepfake threats. For example, sufficiently advanced AI systems could crunch existing video and audio files and compare them to new material to see if a video was created by splicing together existing clips. Additionally, blockchains could be used to verify whether content has been manipulated from its original version.

However, this technology isn’t likely to be available to the average organization any time soon. With this in mind, companies should focus their efforts on educating employees on the existence of deepfakes, so they are more likely to second-guess the authenticity of an unexpected video or voicemail request. At the same time, companies should encourage employees not to act quickly on unusual requests and instead take the time to verify the request’s legitimacy.

How Organizations Can Properly Secure Network Access for Remote Workforces

IT security policies have traditionally been perimeter-based, primarily concerned with the network activity within their own office and corporate network. While remote work certainly existed before, it has now become a standard – even an expectation among employees – no matter the industry or job function.

This rapid expansion of remote workforces has created significant operational and cultural changes for companies worldwide – particularly when it comes to IT and securing corporate digital ecosystems. Many organizations were not fully prepared for such an immense transition of expanding corporate edges and countless new endpoints.

With so many workers now scattered beyond the walls of their physical offices, this has created a considerable challenge for IT departments that find themselves struggling to monitor and gauge the real security posture of their networks, and the endpoints in use across them. The weakest link is no longer in the cubicle next to you – it can be halfway around the world in the home office of an employee using a VPN on a compromised laptop.

Secure Network Access for Remote Workers: Challenges Today

There are numerous potential risks for companies when it comes to enabling secure network access for remote workforces:

  • Limited Network & Endpoint Visibility: Remote work environments can make it considerably more difficult for an organization to maintain visibility and control over the data security of its employees. A lack of visibility inhibits IT and security teams from achieving operational and security objectives, while putting the business at increased risk.
  • Increased BYOD Use: An increasing number of employees these days use personal devices to access company networks. This is especially true as employees find themselves working from home with greater regularity. In many cases, these devices are often not fully compliant with their employer’s security policies. Unsecured personal devices can provide potential attack vectors for cybercriminals to target a corporate network.
  • Social Engineering Attacks: As organizations have bolstered their cybersecurity measures over time, it has become more difficult for cybercriminals to exploit security posture vulnerabilities. In turn, many have favored more cost-effective tactics to breach networks, like phishing emails that capitalize on human error and trust. Social engineering tactics need only an unwitting or distracted employee to succeed, and therefore typically require less technical knowledge to pull off.

What’s Needed to Secure Network Access for Remote Workers

Here are some critical considerations when it comes to enabling secure network access for remote workers:

  • Firewall: Serving as somewhat of an electric fence to your network, firewalls remain a basic but essential extra layer of protection for remote workers. One pitfall is that many employees may disable their firewall if they believe it to be slowing down their device, keeping it from blocking malicious traffic.
  • Antivirus: An equally essential, yet often forgone, staple in your security stack is antivirus software. In addition to providing protection from all sorts of malware, the Next-Generation Antivirus (NGAV) of today utilizes predictive analytics driven by AI and machine learning for advanced threat detection. This includes determining root causes from endpoint data and responding to previously undetected emerging threats.
  • Managing Endpoint Visibility: Unmonitored remote devices can bring an abundance of potential threats to a network if they are not up-to-date and properly configured. Visibility is a key issue here. By implementing solutions like NAC, companies gain insight into every user and device on their network, allowing them to pinpoint any weaknesses within it. With this visibility they can then control, adjust, or deny access for any device as needed.
  • VPN: While it’s common for many companies to offer secured VPN connections for remote employees, VPN can’t serve as a comprehensive security solution. A VPN alone can leave you in the dark about the security posture and compliance level of the device connecting to it. You could unknowingly be giving safe passage for a compromised device directly to your network.
  • Device Risk Monitoring & Mitigation: With the help of an agent or MDM, NAC solutions like Portnox CLEAR can work alongside a VPN, offering two factor authentication based on user identity and endpoint risk score. Continuous monitoring is key here for keeping countless users and devices in compliance, no matter their location. By knowing the security posture of remote devices, IT teams can adjust their security policy and mitigate potential threats.
  • Employee Training & Awareness: Employees are more likely to be lax with their security habits outside the office, and cybercriminals are no stranger to this reality. Maintaining employee awareness of these potential threats is key for risk mitigation. Whether regarding proper password management, compliance policies, or how to spot phishing attempts, it’s highly beneficial to offer employee education and training in security best practices.

Why You Should be Leveraging Nmap for Network Endpoint Security

We have all been there. We are at a new place with new devices and the previous person did not keep good records. Now we’re being asked to secure the network without losing current functionality. Allow the good devices and block the bad, or at least put the bad on the guest network. So, what are all the devices on the network?

Some of the devices will be easy to identify and others not so much. An invaluable free tool to help you get started is Nmap (https://nmap.org/). This tool helps you do a quick scan of your network to find out how much you know and how much you don’t know.

How Nmap Enables Endpoint Visibility

You can run Nmap from the shell prompt with its myriad command-line options, but an easier way to get started is the Zenmap tool, whose UI helps you navigate your initial discovery.

One helpful feature of both the Nmap command line tool and Zenmap is the ability to output the results as XML. This output then allows you to use additional data parsing techniques to dig further into your data and look for patterns that can help you identify various devices with some detective work.

Nmap does a great job at identifying certain devices, but it’s not a comprehensive resource for all IoT devices in the market. Most of the time, you can identify the laptops, servers, and networking devices in your network, but not the mass of IoT devices people carry around or use in modern offices. TVs, projectors, lightbulbs, phones, and other harder to identify devices need to be properly identified especially as you strive to not interrupt business as usual.

Getting Started With Nmap

Let’s work through a small example on how to use the results from Nmap to help identify groups of devices on your network to help you determine network security rules for applications like your Network Access Control (NAC) software.

First, we will install Zenmap to help us through our process. The latest instructions can be found here: https://nmap.org/zenmap/

Running a Scan on Your Network

After installation, we select an intense scan on a subnet of our network, in this case the 192.168.1.x portion, specified in CIDR notation.

The UI shows you the resulting command line for your profile selection, should you choose to use the command line in future scripts. This is also where you can see how to format your output. For this example, we will be using the -oX option, which writes XML that we can open and search.

Examining Your Scan Results

Running this scan on a network you have access to might yield a typical set of IoT results.

As you can see, many devices are identified as Linux OS or unknown OS. There is also the easily identified Windows OS, which is one of the laptops on the network, and many macOS devices, which include the MacBooks, iPhones, Apple Watches, and other devices that attach to the network. 

Classifying Unknown IoT Devices

Since many IoT devices use a base Linux OS, let’s see if we can find a pattern to help classify a larger subset of these unknown devices.

By selecting a device from our list, we can find useful details about what the device might be. Selecting the “Ports/Hosts” and “Host Details” tabs gives us some insightful data about the identity of this device.

Host Details

Ports/Hosts

Already we see that one of the ports is associated with Amazon devices. There is one more hint in the XML output which can be obtained from the menu selection Scan -> Save Scan and opening the XML in Visual Studio Code.

Here we can see that the MAC vendor (the manufacturer of the network interface card) is also Amazon Technologies. MAC vendors are identifiable from the first three bytes of the MAC address (the OUI) and searchable in online sources such as https://standardsoui.ieee.org/oui/oui.txt.

Filtering Out Devices From Results

With these hints we can start to look at our network with the lens of filtering out all Amazon devices like Alexa Echo Dots and Fire TV sticks.

A short PowerShell script run on the XML output yields the results that follow:

Or even better, you can use this script to get the IP addresses of those same devices, although you will still want the MAC addresses for NAC and other purposes.
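An added example, not the script from the original post, of the filtering step described above in PowerShell. It parses a constructed sample of Nmap’s -oX XML, fills in the MAC vendor from a constructed oui.txt excerpt where Nmap left it blank, and lists the Amazon devices with the IP and MAC addresses a NAC policy needs; the function names and sample data are this example’s own.

```powershell
# Added example (not the script from the original post): parse Nmap -oX output,
# tag each host with its MAC vendor, and filter, e.g. for Amazon devices.
# The vendor comes from Nmap's own "vendor" attribute when present, otherwise from
# a lookup in the IEEE oui.txt. Both data sets below are constructed, trimmed
# samples for this example, not real scan output or registry data.

# Constructed excerpt in the shape Nmap writes with -oX (real run: Get-Content -Raw .\scan.xml)
$sampleScanXml = @'
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 192.168.1.0/24" version="7.92">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.21" addrtype="ipv4"/>
    <address addr="F0:27:2D:AA:BB:01" addrtype="mac" vendor="Amazon Technologies"/>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.22" addrtype="ipv4"/>
    <address addr="44:65:0D:AA:BB:02" addrtype="mac"/>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.30" addrtype="ipv4"/>
    <address addr="02:42:AC:AA:BB:03" addrtype="mac"/>
  </host>
  <host><status state="up" reason="syn-ack"/>
    <address addr="192.168.1.40" addrtype="ipv4"/>
  </host>
</nmaprun>
'@

# Constructed excerpt in the layout of https://standardsoui.ieee.org/oui/oui.txt
$sampleOuiTxt = @'
F0-27-2D   (hex)        Amazon Technologies Inc.
F0272D     (base 16)    Amazon Technologies Inc.
                        Seattle  WA  98109  US

44-65-0D   (hex)        Amazon Technologies Inc.
44650D     (base 16)    Amazon Technologies Inc.
'@

function Import-OuiTable {
    # Hashtable OUI (6 hex chars) -> vendor, built from the "(hex)" lines of oui.txt.
    param([Parameter(Mandatory)][string[]]$Lines)
    $table = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+?)\s*$') {
            $table[$Matches[1] + $Matches[2] + $Matches[3]] = $Matches[4]
        }
    }
    return $table
}

function Get-NmapHostInventory {
    # One record per host that reported a MAC: IP, MAC, OUI and best-known vendor.
    # Hosts reached through a router carry no MAC in the scan and are skipped, so
    # scan from inside the same segment when you need vendor data for them.
    param(
        [Parameter(Mandatory)][xml]$Scan,
        [hashtable]$OuiTable = @{}
    )
    foreach ($h in @($Scan.nmaprun.host)) {
        $addrs = @($h.address)
        $mac = $addrs | Where-Object { $_.addrtype -eq 'mac' } | Select-Object -First 1
        if (-not $mac) { continue }
        $ip  = $addrs | Where-Object { $_.addrtype -eq 'ipv4' } | Select-Object -First 1
        $oui = ($mac.addr -replace '[:-]', '').Substring(0, 6).ToUpper()
        $vendor = 'Unknown OUI'
        if ($mac.vendor) { $vendor = $mac.vendor }
        elseif ($OuiTable.ContainsKey($oui)) { $vendor = $OuiTable[$oui] }
        [pscustomobject]@{ IP = $ip.addr; MAC = $mac.addr; OUI = $oui; Vendor = $vendor }
    }
}

$scan = [xml]$sampleScanXml
$oui  = Import-OuiTable -Lines ($sampleOuiTxt -split "`r?`n")   # real run: Get-Content .\oui.txt
$inventory = Get-NmapHostInventory -Scan $scan -OuiTable $oui

# Vendor breakdown of the subnet, then the Amazon devices with the MACs a NAC policy needs.
$inventory | Group-Object Vendor | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$inventory | Where-Object { $_.Vendor -like 'Amazon*' } | Format-Table IP, MAC, Vendor -AutoSize
```

The host at 192.168.1.22 has no vendor in the scan itself and is only classified as Amazon through the OUI lookup, while 192.168.1.40 was reached without a MAC and drops out of the inventory, which is the case to watch for when scanning across a router.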

This tells us that we likely have 8 devices on our network from Amazon, and we could start to scan our larger network looking for IP addresses with MAC addresses belonging to Amazon and classifying those devices. Our network is one step closer to being secure. 

Use Nmap to kickstart your network detective work and get your network more secure by knowing what devices are out there.

The New US Cybersecurity Act & What it Means

If you face a major cyber attack or pay ransom to attackers, you may have to report it to the Cybersecurity and Infrastructure Security Agency (CISA) within a certain timeframe under the new cybersecurity law.

The Strengthening American Cybersecurity Act of 2022, which became law in March 2022, imposes strict reporting obligations on critical infrastructure owners/operators: entities operating and/or owning critical infrastructure have to notify the CISA of a ransomware payment within 24 hours and of major cyber incidents within 72 hours.

Who is covered by the new requirements? When and how are cyber incidents reported under the new law? Keep reading to find out more.

What Is the Strengthening American Cybersecurity Act of 2022? 

Although the new requirements on incident reporting make the headlines, the new cybersecurity law is composed of three separate regulations:

  1. The Cyber Incident Reporting for Critical Infrastructure Act of 2022: This regulation imposes on critical infrastructure operators the obligation to notify the CISA of “covered cyber incidents” and “ransom payments” within a certain timeframe.
  2. The Federal Information Security Modernization Act of 2022: This regulation contains requirements on federal information security management and on the reporting of cyber attacks and how these attacks will be remedied.
  3. The Federal Secure Cloud Improvement and Jobs Act of 2022: This regulation deals with the security requirements for the use of cloud products.

What Entities Are Covered in the Cybersecurity Act?

Under the new law, the CISA will have the power to decide what types of entities will be subject to the new incident-reporting requirements.

While the CISA is provided with wide discretion, the law requires the CISA to consider the following three factors when determining the “covered entities”:

  • How would national security, public safety, and public health be affected if an entity’s operations are disrupted or compromised?
  • What is the likelihood that a malicious actor, such as a foreign country may target the entity?
  • “the extent to which damage, disruption, or unauthorized access to such an entity, including the accessing of sensitive cybersecurity vulnerability information or penetration testing tools or techniques, will likely enable the disruption of the reliable operation of critical infrastructure.”

Considering that these criteria refer to “national security” and “public safety” and also to the possibility of being targeted by foreign state actors, the 16 critical infrastructure sectors defined by Presidential Policy Directive 21 will likely be declared “covered entities”.

These sectors include, but are not limited to:

  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Healthcare and Public Health

While it is reasonable to expect that these sectors will be defined as “covered entities,” the CISA will likely go further and determine additional sectors as falling under the new law.

What Incidents Should Be Reported

Under the Act, there are two categories of attacks that need to be reported:

Cyber incidents

The Act does not require all incidents to be reported to the CISA and provides CISA with the power to determine the criteria and threshold for cyber incidents to be covered by the Cybersecurity Act.

However, the Act lists three types of high-impact cyber incidents that are covered by the Act. For example, incidents that involve “unauthorized access or disruption of business or industrial operations” due to a “compromise of a cloud service provider, managed service provider, or other third-party data hosting provider or by a supply chain compromise” must be reported under the Act.

A recent example of such a cyber attack is the SolarWinds attack. After Russia-backed hackers inserted malicious code into SolarWinds’ network monitoring software, they gained access to thousands of companies’ networks, including electricity, oil and manufacturing companies.

Ransom payments

“Ransomware Attacks” are defined broadly under the Act: Use or threatened use of all techniques aimed at hindering an entity’s information processing operations falls under the definition of “ransomware attack”. Alongside the traditional ransomware technique, encryption of data, the following types of mechanisms are also subject to the Cybersecurity Act:

  • Distributed denial of service attacks
  • Insertion of malicious code.

When to Report the Incidents? 

The Act sets out two different deadlines for the reporting of incidents:

  1. Incidents falling under the “ransom attack” category must be reported to the CISA within 24 hours after the entity operating/owning the critical infrastructure makes a ransom payment.
  2. A “covered entity” must report cyber incidents within 72 hours after it “reasonably believes that the covered cyber incident has occurred”.

Criticisms Against the Law

Though the new law is welcomed by many in light of the growing number of cyber attacks targeting critical infrastructure and the rising geopolitical tension in Eastern Europe, it is also criticized for leaving a few critical issues unaddressed:

  • No direct reporting to the FBI: The Department of Justice publicly opposed the new law because it does not require covered entities to report incidents to the FBI as well as to CISA. Proponents of that view argue that direct notification would let the FBI support affected entities promptly and warn other potentially vulnerable entities of the risk.
  • DNS: Another criticism of the Act is that DNS information is not included in the reporting requirements. Critics argue that DNS information is critical to law enforcement investigations and would make it easier to trace an attack back to its origin.

What Should “Covered Entities” Do?

Monitor new developments

It is far from certain which entities will be covered by the new reporting requirements, exactly what a report must contain beyond the statutory minimum, or which incidents will fall within the Act's scope. The Act leaves these questions to CISA, which will settle them through rulemaking (a proposed rule is due within 24 months of enactment and a final rule within 18 months after that), so organizations should closely monitor the rules, directives and opinions CISA issues.

Establish and Implement an Incident-Response Plan

Given that the new Act sets 24-hour and 72-hour notification clocks and specifies the minimum content a report must include, organizations need an incident response plan that can detect an incident, establish whether it is one the organization "reasonably believes" to be covered, collect the required details and get the report out within the window. The 24-hour ransom-payment clock in particular means that the decision to pay and the notification to CISA have to be handled as one process.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

New Cyber Threats & Vulnerabilities Brought on by the Rise of IoT Devices

Diving into Internet of Things Statistics

An Internet of Things (IoT) device is simply a device that talks back and forth with a central hub or cloud service over a network, usually Wi-Fi but also cellular (via a SIM card) or other radio protocols. We are living in the age of digital connectivity: if something can have an IP address, you can bet one will be assigned to it. Examples range from Samsung's AI-powered Family Hub smart fridge, which suggests recipes based on the ingredients inside, to Tesla vehicles, whose over-the-air updates change not just the infotainment software but how the car's hardware behaves (a 2018 update to the Model 3 revised the anti-lock braking algorithm and shortened its braking distance).

Consumer technology isn't alone in making use of the Internet of Everything. Industries such as healthcare have their own use cases: Internet of Medical Things (IoMT) devices such as smart sensors that monitor patients' vital signs are now essential equipment in modern healthcare facilities.

The statistics back this growth: there are already more active IoT devices (10 billion) than people on Earth. More than 30 billion IoT devices are expected by 2025, with the market value projected to reach $875 billion by then. Every second, over 100 new IoT devices connect to the public internet, and adoption is so broad that almost a third of the US population owns a smartwatch. This sharp increase in devices has a clear effect on the global volume of data being transported; the graph below shows year-on-year growth.

Cyber Threats & Vulnerabilities of IoT

As the Internet of Things grows, the cyber threats and associated risks keep evolving and becoming more complex, with attackers finding new ways to breach devices and networks. Every organization should know its own network attack surface: the sum of all the points, across every connected device and piece of hardware, at which an unauthorized user could try to get in or pull data out. Each device is a possible point of entry. Ideally you keep the attack surface as small as possible, because a small one is easier to protect, but for some organizations that simply isn't an option: they may need thousands, if not hundreds of thousands, of IoT sensors reporting key analytics.

As mentioned earlier, the healthcare industry has a sizable IoT use case. One problem is the cost of complex equipment such as MRI scanners and X-ray machines: it simply isn't feasible to replace them regularly, so outdated and unsupported systems keep playing a key role in the infrastructure. Windows 7, for example, left support in January 2020 after more than ten years in service, leaving every device still running it without security patches. According to a report from Palo Alto Networks' Unit 42, 83% of medical imaging devices run on unsupported operating systems.

IoT devices suffer from a range of other vulnerabilities, including:
  • Weak/default passwords and settings: Back in 2016, one of the largest DDoS attacks seen up to that point was launched against the DNS provider Dyn using a botnet of IoT devices, mostly IP cameras and home routers. The Mirai malware behind it needed no exploit: each infected device scanned the internet for other devices with Telnet exposed and tried a built-in list of a few dozen factory username/password pairs. These credentials are printed in manuals and easily found online, and if the owner never changes them, anyone can log in.
  • Poor device security from the manufacturer: When a device talks to its hub or cloud in plain text, anyone on the network path can read the traffic, and a Man-in-the-Middle attacker can alter it; credentials and sensor data travel unprotected.
  • Outdated IoT firmware: A large share of IoT firmware is built on third-party libraries that age quickly, and many devices offer no way to update the firmware at all, so a known vulnerability in such a library stays exploitable for the life of the device.
Protecting your IoT Devices and Network

Network administrators need to recognize that these new devices call for more than the essential controls they already run: strong passwords, firewalls and anti-virus software simply aren't sufficient on their own. The first step in protecting IoT devices is to learn which cyber threats are most likely to hit them, and to create a threat model that identifies, evaluates and prioritizes the weaknesses those threats would exploit. A documented network is essential: a well-maintained network management system with good monitoring is what lets you spot a weak point (an unknown device, an exposed service, a device that never updates) before an attacker does.
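As an added illustration of the Mirai bullet above and of the monitoring the previous paragraph calls for, here is a small detector in Go that is not part of the original post. It runs over constructed Telnet login records (the log format, the device addresses and the short list of factory credentials are all assumptions made for this example) and raises an alert when a device accepts a factory password, and when one source tries factory passwords across several devices, which is how Mirai spread.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// A few of the factory username:password pairs Mirai tried (the real list
// had a few dozen). Any device still accepting one of these is a liability.
var defaultCreds = map[string]bool{
	"root:xc3511": true, "root:vizxv": true, "root:admin": true,
	"admin:admin": true, "root:888888": true, "support:support": true,
}

// Constructed log format (an assumption for this example, not a real
// device's syslog):
//   <time> <device-ip> telnetd: login user=<u> pass=<p> from=<src> result=<ok|failed>
var lineRE = regexp.MustCompile(
	`^(\S+) (\S+) telnetd: login user=(\S+) pass=(\S+) from=(\S+) result=(ok|failed)$`)

type Event struct{ Time, Device, User, Pass, Source, Result string }

// ParseLine returns false for lines that do not match the format above.
func ParseLine(line string) (Event, bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	return Event{m[1], m[2], m[3], m[4], m[5], m[6]}, true
}

type Alert struct {
	Kind   string // "default-cred-login" or "scanner"
	Source string // device that accepted a default, or the scanning host
	Detail string
}

// Detect flags every successful login with a factory credential (the device
// must be reconfigured) and every source that tried factory credentials
// against at least minTargets distinct devices (Mirai-style spreading).
func Detect(lines []string, minTargets int) []Alert {
	var alerts []Alert
	targets := map[string]map[string]bool{} // source -> devices it tried
	for _, l := range lines {
		ev, ok := ParseLine(l)
		if !ok || !defaultCreds[ev.User+":"+ev.Pass] {
			continue // unparsable, or not a factory credential
		}
		if ev.Result == "ok" {
			alerts = append(alerts, Alert{"default-cred-login", ev.Device,
				fmt.Sprintf("%s logged in as %s:%s", ev.Source, ev.User, ev.Pass)})
		}
		if targets[ev.Source] == nil {
			targets[ev.Source] = map[string]bool{}
		}
		targets[ev.Source][ev.Device] = true
	}
	var sources []string
	for s := range targets {
		sources = append(sources, s)
	}
	sort.Strings(sources) // deterministic output
	for _, s := range sources {
		if n := len(targets[s]); n >= minTargets {
			alerts = append(alerts, Alert{"scanner", s,
				fmt.Sprintf("default credentials tried against %d devices", n)})
		}
	}
	return alerts
}

// SampleLog is constructed: one host sweeps four devices with Mirai
// credentials and gets into one of them; an admin logs in normally.
var SampleLog = []string{
	"2022-05-01T09:00:01Z 10.20.0.11 telnetd: login user=root pass=xc3511 from=10.20.0.250 result=failed",
	"2022-05-01T09:00:02Z 10.20.0.11 telnetd: login user=root pass=vizxv from=10.20.0.250 result=failed",
	"2022-05-01T09:00:03Z 10.20.0.12 telnetd: login user=root pass=xc3511 from=10.20.0.250 result=failed",
	"2022-05-01T09:00:04Z 10.20.0.13 telnetd: login user=admin pass=admin from=10.20.0.250 result=ok",
	"2022-05-01T09:00:05Z 10.20.0.14 telnetd: login user=root pass=xc3511 from=10.20.0.250 result=failed",
	"2022-05-01T09:05:00Z 10.20.0.11 telnetd: login user=ops pass=S3cure!x from=10.20.0.5 result=ok",
	"2022-05-01T09:06:00Z 10.20.0.12 telnetd: login user=admin pass=admin from=10.20.0.5 result=failed",
}

func main() {
	for _, a := range Detect(SampleLog, 3) {
		fmt.Printf("[%s] %s: %s\n", a.Kind, a.Source, a.Detail)
	}
}
```

Two design points: the "default-cred-login" alert fires on the first success, not after a threshold, because a device that accepts a factory password is already compromised in effect; and the scanner threshold counts distinct target devices rather than raw attempts, which is what separates a spreading bot from an admin who mistypes a password twice. A single admin host trying admin:admin once (the last sample line) correctly stays below the threshold.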
Basic IoT network security measures include:
  • VLANs: Put IoT devices in their own VLAN, segregated from the rest of the network, with the traffic between VLANs filtered at the firewall (a VLAN on its own only separates broadcast domains; the access rules between VLANs are what stop an infected device from reaching your servers). This doesn't have to be complicated: a couple of tiers such as trusted and untrusted, chosen by how much faith you have in the device, is enough. E.g. a Nest smoke alarm can go in the trusted VLAN with access to the internet, while a cheap thermometer from an unknown vendor goes in the untrusted VLAN with no access to anything else.
  • Static IPs: If a device can be given a static IP (or a DHCP reservation tied to its MAC), do it. A fixed address keeps the device easy to track, makes troubleshooting far easier, and means that any address you don't recognize belongs to a device you haven't inventoried.
  • MAC address whitelisting: An easy way to ensure that only authorized devices connect to your company network, but MAC addresses are trivially spoofed, so treat this as inventory hygiene rather than as authentication.
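The three measures above work together, and the following Go program is an added example (not from the original post) that models them: an addressing plan with one subnet per VLAN (the addresses, device names and switch ports are all invented for the example), a default-deny inter-VLAN policy that only lets the trusted VLAN out to the internet and only lets the management network in, and an audit that compares the switch's MAC/IP/port sightings against an inventory of statically addressed devices, which is how a spoofed or unregistered MAC shows up.

```go
package main

import (
	"fmt"
	"net"
)

// Zones in this example: the three VLANs the text describes plus the
// management network; "internet" is anything outside the subnets below.
const (
	ZoneMgmt         = "mgmt"
	ZoneLAN          = "lan"
	ZoneTrustedIoT   = "iot-trusted"
	ZoneUntrustedIoT = "iot-untrusted"
	ZoneInternet     = "internet"
)

// Assumed addressing plan, one subnet per VLAN (not from the original post).
var subnets = map[string]string{
	ZoneMgmt:         "10.0.0.0/24",
	ZoneLAN:          "10.10.0.0/16",
	ZoneTrustedIoT:   "10.30.1.0/24",
	ZoneUntrustedIoT: "10.30.2.0/24",
}

// allowed is the inter-VLAN policy: the only (initiator, destination) pairs the
// firewall permits. Anything absent is denied; the firewall is assumed stateful.
var allowed = map[[2]string]bool{
	{ZoneLAN, ZoneInternet}:        true,
	{ZoneTrustedIoT, ZoneInternet}: true, // e.g. a smoke alarm reporting to its cloud
	{ZoneMgmt, ZoneTrustedIoT}:     true, // admins may reach devices...
	{ZoneMgmt, ZoneUntrustedIoT}:   true, // ...but no device may initiate to admins
}

// ZoneOf maps an address to its zone by subnet; unknown addresses count as internet.
func ZoneOf(ipStr string) string {
	ip := net.ParseIP(ipStr)
	for zone, cidr := range subnets {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(ip) {
			return zone
		}
	}
	return ZoneInternet
}

// Decide answers "may srcIP open a connection to dstIP?" under the policy.
func Decide(srcIP, dstIP string) bool {
	return allowed[[2]string{ZoneOf(srcIP), ZoneOf(dstIP)}]
}

type Device struct{ Name, MAC, IP, VLAN, Port string }

// Inventory is constructed: each device has a fixed address and a recorded switch port.
var Inventory = []Device{
	{"nest-smoke-1", "18:b4:30:aa:01:02", "10.30.1.10", ZoneTrustedIoT, "gi1/0/5"},
	{"thermo-cheap", "c8:3a:35:00:11:22", "10.30.2.10", ZoneUntrustedIoT, "gi1/0/6"},
}

// Sighting is one (MAC, IP, port) tuple as the switch MAC table or DHCP server reports it.
type Sighting struct{ MAC, IP, Port string }

// Audit compares sightings with the inventory. A known MAC on an unexpected address
// or port is the tell-tale of a spoofed or moved device; an unknown MAC was never onboarded.
func Audit(seen []Sighting) []string {
	byMAC := map[string]Device{}
	for _, d := range Inventory {
		byMAC[d.MAC] = d
	}
	var findings []string
	for _, s := range seen {
		d, known := byMAC[s.MAC]
		switch {
		case !known:
			findings = append(findings, fmt.Sprintf("unknown MAC %s at %s on %s", s.MAC, s.IP, s.Port))
		case s.IP != d.IP:
			findings = append(findings, fmt.Sprintf("%s: expected %s, seen at %s", d.Name, d.IP, s.IP))
		case s.Port != d.Port:
			findings = append(findings, fmt.Sprintf("%s: expected on %s, seen on %s (possible MAC spoof)", d.Name, d.Port, s.Port))
		}
	}
	return findings
}

// SampleSightings is constructed to trigger each finding once.
var SampleSightings = []Sighting{
	{"18:b4:30:aa:01:02", "10.30.1.10", "gi1/0/5"}, // matches inventory
	{"c8:3a:35:00:11:22", "10.30.2.10", "gi1/0/9"}, // right address, wrong port
	{"c8:3a:35:00:11:22", "10.30.1.77", "gi1/0/6"}, // address changed
	{"00:e0:4c:12:34:56", "10.30.1.50", "gi1/0/7"}, // never onboarded
}

func main() {
	fmt.Println("trusted IoT -> internet:", Decide("10.30.1.10", "8.8.8.8"))
	fmt.Println("untrusted IoT -> internet:", Decide("10.30.2.10", "8.8.8.8"))
	for _, f := range Audit(SampleSightings) {
		fmt.Println("finding:", f)
	}
}
```

The policy table is the part to translate into your firewall's own syntax; the point it makes is that the IoT VLANs never appear as an initiator towards the LAN or the management network, so a compromised sensor has nowhere to go. The audit is what the static addressing and the MAC whitelist buy you: the whitelist alone would have let the MAC seen on port gi1/0/9 straight in.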
Advanced IoT security measures include:
  • Modern Network Access Control (NAC): Traditional NAC solutions don't scale well to IoT. Most IoT devices have no IEEE 802.1X supplicant, so they fall back to MAC-based authentication, which, as noted above, can be spoofed. A modern NAC lets administrators define and enforce access policies per device and analyze each device's risk posture.
  • Automated configuration: Have an automated onboarding process for new devices. If your company has a large number of IoT devices, it is easy for some to slip through the security configuration when it is done by hand.
  • Device certificates: Issuing each device an X.509 certificate from your own CA gives it a cryptographic identity that, unlike a MAC address, cannot be copied without the device's private key. Certificates are the foundation of PKI-based security: the device proves who it is by signing a challenge (in EAP-TLS to the NAC, or mutual TLS to a service), and the resulting session gives you encryption and data integrity as well.
  • Secure API connections: APIs are commonly used to move data between applications and devices, and they are a frequent point of attack. It is essential that only authorized systems can talk to the API: have each device authenticate (ideally with its certificate) and use short-lived, scoped tokens to establish a trusted identity and grant access only to the services it needs.
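To make the certificate and NAC points concrete, the following Go program (an added example, not code from the original post or from any vendor mentioned in it) uses only the standard library to run a private device CA, issue a certificate bound to a device identifier, and perform the check a NAC or RADIUS server does at authentication time. The CA name, device identifier and validity periods are assumptions. Contrast it with the MAC whitelist above: an attacker who forges a certificate with the same device name under a key they control is rejected, because the identity only chains through the CA's private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only if the system RNG is unavailable
	}
	return k
}

// sign creates a certificate from template; pass template as parent to self-sign.
func sign(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewDeviceCA creates the organization's private CA for device identities
// (assumed name); the NAC or RADIUS server trusts this root and only this root.
func NewDeviceCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example IoT Device CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// deviceTemplate is a leaf certificate for one device identity, usable only
// for client authentication (EAP-TLS to the NAC, mutual TLS to an API).
func deviceTemplate(deviceID string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo; real CAs use random serials
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(2, 0, 0),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// Issue binds deviceID to a device key pair; in practice only a CSR (the public key) reaches the CA.
func Issue(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, deviceID string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	return sign(deviceTemplate(deviceID), caCert, pub, caKey)
}

// SelfSignedImpostor is all an attacker can make without the CA key: a
// certificate claiming deviceID, signed with a key of their own.
func SelfSignedImpostor(deviceID string) (*x509.Certificate, error) {
	key, tmpl := newKey(), deviceTemplate(deviceID)
	return sign(tmpl, tmpl, &key.PublicKey, key)
}

// Authenticate is the NAC-side check: chain to the device CA, valid for client auth.
func Authenticate(root, presented *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", fmt.Errorf("rejecting %q: %w", presented.Subject.CommonName, err)
	}
	return presented.Subject.CommonName, nil
}

func main() {
	caCert, caKey, err := NewDeviceCA()
	if err != nil {
		panic(err)
	}
	devKey := newKey() // in reality generated on the device itself
	devCert, _ := Issue(caCert, caKey, "sensor-0001", &devKey.PublicKey)
	fmt.Println(Authenticate(caCert, devCert))
	impostor, _ := SelfSignedImpostor("sensor-0001")
	fmt.Println(Authenticate(caCert, impostor))
}
```

The identity that Authenticate returns (the certificate's common name) is what the access policy should be keyed on, replacing the MAC address. The same certificate can authenticate the device to its API over mutual TLS, so the "only authorized systems can reach the API" requirement falls out of the same PKI. Two things the example leaves out that a deployment must not: the device's private key should be generated and stored on the device (ideally in a secure element) rather than handed around, and you need a revocation path (CRL or OCSP) so that a stolen or decommissioned device's certificate can be cut off before it expires.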
