The Internet of Things (IoT) is a paradigm shift reshaping the way businesses operate.
Today, over 8.4 billion ‘things’ are connected, and this is forecast to amount to over 20 billion connected devices by 2020. It can be argued that IoT has now firmly displaced Big Data at the peak of the hype cycle, and for good reason.
Fueled by the rapid expansion of internet-connected devices, IoT and operational technology (OT) significantly improve business efficiencies, reduce costs and streamline tasks. For this reason, IoT/OT will continue to have a widespread impact and rapid adoption across multiple industries, including financial services.
However, many organizations may be using this new connected technology and not even be aware of it. When we talk about IoT devices we often think of consumer devices, but from a corporate standpoint it can include IP-enabled security cameras, point-of-sales (POS) devices, or ATM machines. With this comes a new set of cybersecurity challenges as the devices connecting to a corporate network could pose a threat if they go undetected.
This is especially the case in Singapore, which has been driving industries to digitalize in line with its broader Smart Nation vision. As part of this wave of digitalization, financial services organizations are increasingly adopting IoT devices, which enable them to move away from traditional services and offer more personalized, on-demand digital financial services. As a result, this adds pressure on organizations to ensure they have continuous visibility of the devices on their networks.
Given the critical assets and information on financial services organizations’ networks, it is more important than ever for these institutions to implement the right security solutions and adopt cyber best practices in effort to enable scalable security tools that can evolve with changing business and technology needs.
Visibility and Continuous Monitoring
It is mission critical for organizations to have complete visibility across the network and implement security tools that provide continuous updates on what’s connecting to the network and the cyber posture of the devices. This is paramount in understanding an organization’s overall security posture.
Today’s threat landscape is continuing to increase as more and more devices are coming online – from smart lighting to printers, badge scanners and HVAC systems – and when it only takes one point of entry for a bad actor to compromise a network, each new device not only increases risk but can also introduce security blind spots and non-compliant devices into an environment.
To overcome these challenges, financial institutions need to go back to basics and lay the groundwork for a solid foundation to their security strategy, starting with comprehensive, real-time visibility across the entire network infrastructure – from the campus to the cloud, data center and OT environments. Organizations need to know how many devices are on the network, where they are, what type of access they have and what their configurations are. This way, security gaps can be identified, new policies can be applied, and additional preventative security solutions can be integrated.
As with any industry, continuous insight into network activity needs to help ensure protection of the network without slowing down critical business operations. As such, financial institutions need to effectively identify and eliminate blind spots in the network while continuing to glean the intelligence that helps maintain a healthy cyber posture.
Control and Enforcement
To reduce the attack surface and risk, it is important to have the security tools that can control the level of access provided to any device on the network. Once an organization has the ability to see all of the activity on a network, they can then manage risk more effectively by applying the appropriate network controls. Through this process, organizations can decide to allow, deny or limit network access based on device posture and the organization’s security policies.
Orchestration
Organizations need the ability to align network controls as well as automate and orchestrate information sharing across all network environments in order to identify, prioritize and mitigate cyber threats quickly and effectively. This enables the ability to enforce consistent network security policies and mitigate risk effectively.
At the same time, a unified and integrated approach to security will not only help to contain the spread of malware across the network, it will also result in enhanced efficiency and time savings through automated workflows and processes for quick, coordinated incident responses.
The Future of IoT in Financial Services
IoT holds great promise for the future and its power can be harnessed to revolutionize the financial services sector. However, with a treasure trove of highly-sensitive customer data, it is no surprise why financial institutions have become more prone to increased security threats. Without continuous visibility across the network from the campus to the data center, cloud and operational technology, security blind spots and non-compliant devices may be on a network that can open a door for a bad actor.
As such, it is critical that financial institutions enforce the need for comprehensive visibility that continuously offers insight into enterprise-connected devices as well as asset intelligence to eliminate blind spots, build the foundation for proper controls and facilitate asset inventory and tracking. All this can be achieved by deploying the right network visibility solution and implementing best practices to build a more cohesive security framework.
Author: Wahab Yusoff, Vice President, Asia at ForeScout Technologies
Featured image credit: Freepik