Complex Made Simple

International regulations needed to curb cyberattacks

With governments, corporations and individuals increasingly adopting Internet of Things (IoT) technologies in everyday life, global leaders and private sector heavyweights must work together to create international regulations which protect the future of smart cities.

Natalya Kaspersky, President of Russian cybersecurity firm InfoWatch Group, addressed a government panel discussion on smarter and safer cities at the Gulf Information Security Expo and Conference (GISEC), which ended on May 23.

The globally renowned cybersecurity expert told the forum that global legislation and regulations are the missing ingredient in helping to secure smart devices and substantially reduce the risk of a WannaCry-style ransomware attack on crucial infrastructure, such as airport passenger systems.

“All kinds of systems can…collapse”

As development and adoption of IoT tech increases, Kaspersky highlighted the soaring number of devices around the world that remain unsecure, leaving an unprecedented amount of public information vulnerable to attack.

Kaspersky told the plenary session: “Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online. “All kinds of systems in a smart city can be exposed to such a collapse.”

Kaspersky reiterated that amid wide-ranging threats in global cyberspace, security experts and smart device manufacturers around the world must collaborate, noting the device makers that don’t always prioritise security.

“If you develop a niche product for a small segment of the IoT security market, there is no chance for you to grow big and truly optimise your monetisation,” said the InfoWatch Group President.

“Manufacturers of smart devices first think about product functionality and then security, whereas security should be the central point of concern – even at the development stage,” she added.

Lack of insight

Emerging technology developers often lack a proper insight into cybersecurity issues, making it more difficult to implement relevant cyber safeguards. Kaspersky called for an international body to implement regulations and shape cybersecurity recommendations both for national governments and globally.

Kaspersky also joined the round-table discussion ‘Government, Business and Society in a New Reality of Digital World’ at GISEC, moderated by Krishna Rajagopal, CEO at AKATI Consulting (Malaysia), to discuss how external and internal enterprise security threats affect the progress of digital society.

Fellow participants included Rustem Khairetdinov, CEO at Attack Killer, and Tim Khairetdinov, CTO at Appercut Security.

Constantly exposed

Citing findings from the InfoWatch Analytical Centre on 2016 data leaks in the Middle East vs. the global security landscape, Kaspersky emphasised the challenge in safeguarding Industrial Internet of Things (IIoT) from attack when all modern cities and enterprises using Internet-connected systems are constantly exposed to versatile targeted attacks.

The findings showed that most data leaks in the Middle East were caused by external attacks on enterprise IT infrastructure, while 18 per cent of leaks were insider enabled, compared with the global average of 40 per cent.

Personal and financial data were leaked in 90 per cent of cases recorded elsewhere in world, compared with 60 per cent in the Middle East.

“Attack patterns can vary: insider, virus or DDoS attack, even a combination of all of them,” said Kaspersky. “As a rule, when breaking into a particular organisation or website, attackers employ several tactics at once; they assail an enterprise through all Internet-connected devices, not only desktops.”