Speaking at a government panel discussion on smarter and safer cities at the recently held Gulf Information Security Expo & Conference (GISEC), Natalya Kaspersky, president, InfoWatch Group urged global leaders and private sector heavyweights to work together to create international regulations to protect the future of smart cities.
Kaspersky told the forum that global legislation and regulations are the missing ingredient in helping secure smart devices and substantially reduce the risk of a ‘WannaCry’-style Ransomware attack on crucial infrastructure, such as airport passenger systems.
As development and adoption of IoT tech increases, she highlighted the soaring number of devices around the world that remain unsecure, leaving an unprecedented amount of public information vulnerable to attack.
“Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” Kaspersky told the plenary session. “All kinds of systems in a Smart City can be exposed to such a collapse.”
Kaspersky reiterated that amid wide-ranging threats in global cyberspace, security experts and smart device manufacturers around the world must collaborate, noting the device makers that don’t always prioritise security.
“If you develop a niche product for a small segment of the IoT security market, there is no chance for you to grow big and truly optimise your monetisation,” said the InfoWatch Group president. “Manufacturers of smart devices first think about product functionality and only then security, whereas security should be the central point of concern – even at the development stage”.
With emerging technology developers often lacking a proper insight into cybersecurity issues, making it more difficult to implement relevant cyber safeguards, Kaspersky called for an international body to implement regulations and shape cybersecurity recommendations both for national governments and globally.
Citing findings from the InfoWatch Analytical Centre on 2016 data leaks in the Middle East vs. the global security landscape, Kaspersky emphasised the challenge in safeguarding Industrial Internet of Things (IIoT) from attack when all modern cities and enterprises using internet-connected systems are constantly exposed to versatile targeted attacks.
The findings showed that most data leaks in the Middle East were caused by external attacks on enterprise IT infrastructure, while 18 percent of leaks were insider enabled, compared with the global average of 40 percent. Personal and financial data were leaked in 90 percent of cases recorded elsewhere in world, compared with 60 percent in the Middle East.
“Attack patterns can vary: insider, virus or DDoS attack, even a combination of all of them,” said Kaspersky. “As a rule, when breaking into a particular organisation or website, attackers employ several tactics at once; they assail an enterprise through all Internet-connected devices, not only desktops.”