This post is part of a corporate blogging assignment for HPI and IDC covering their Secure the Future Workplace event.
Security is probably the Internet of Things’ greatest weakness and probably the first devices to illustrate the weakness were networked office printers.
For HPI, the devolved printer and hardware arm of Hewlett-Packard, those IoT weaknesses is an opportunity to showcase their products. However the security of printers is only the tip of a frightening iceberg of technology risks facing businesses and homes.
Security starts at the top
The first keynote for the morning was Simon Piff, Vice President of IDC Asia/Pacific’s IT Security Practice Business.
Simon gave an overview of the challenge of digital transformation and the risks involved.
To Simon, digital transformation has five different aspects within an organisation – Leadership, omni-experience, information, operating model and workforce transformations – all of which have different demands upon management.
One thing he sought to emphasise during his keynote is an organisation’s IT security is a top down process. “If your CEO doesn’t care about cyber-security then how are you going to execute?” He asks.
For printers he makes an important point. “They are essentially a single function server.” He says, “this is another server.”
“There haven’t been headlines about printer hacks but we are about to hear about them.”
Simon’s points about enterprise security and networked printers are something that all computer users, be they in home or business, understand – almost every connected device can be a network server. Being hacked is a real risk for everyone.
Death of the perimeter
“Don’t accept complacency,” is the key message from the second keynote speaker, Edmund Wingate.
Edmund, HP’s Vice President and General Manager of the company’s JetAdvantage Solutions division, described how securing a company’s networking perimeter and relying on firewalls was “backward looking.”
In the printer world, that the typical office device has over 250 settings alone creates risks for network administrators and security officers.
Compounding that problem is the use of proprietary software in these devices. A plethora of custom operating systems, many of them based on outdated Linux distributions, opens opportunities for an infinite range of exploits.
It’s better for the industry and vendors like HP to be open about the systems they are using and any vulnerabilities they find as otherwise governments will be forced to step into the space, warns Edmund. “The absence of standards lets things percolate too long.”
Edmund’s point about proprietary and old software are important aspects in the entire Internet of Things security discussion. That there will be billions of devices ranging from network printers to traffic cameras and connected kettles running antiquated software is a problem the entire IT industry will have to manage.
When your networked is hacked
The day’s final session was a panel featuring Simon Piff, Managing Director ANZ for IDC; Carl Woerndle, Executive Director of Elevate Security; Hugh Ujhazy, Associate Vice President, IoT Practice Lead, IDC APeJ and Edmund Wingate.
Carl was the proprietor of Distributed IT, an Australian domain registrar that was spectacularly hacked in 2011. The damage done to the business was so debilitating that it eventually forced the company out of business.
The alleged perpetrator turned out to be an unemployed Australian truck driver with no formal IT qualifications who had 700 other companies targeted. It’s a sobering lesson on how businesses are vulnerable.
Random attackers are the norm, Hugh Ujhazy pointed out, and ransomware is another factor which wasn’t widespread when Distributed IT was hacked.
Ujhazy sees Blockchain as the opportunity to rethink security. “We are on the cusp of changing the way we deal with devices and applications,” he says.
The consensus from the panel was all enterprise networks are vulnerable to inside threats – whether they are IoT devices like network printers, disaffected individuals, malware or hackers. For executives and boards, that’s an important message on how critical security is in the modern organisation.