2. When IoT devices are embedded with security vulnerabilities, it puts users at risk

The opportunities that the Internet of Things phenomenon has driven across businesses and industries have been almost unparalleled, as ubiquitous connected devices provide key physical data, unlocking further business insights via the cloud.

Yet, they have also turned into security concerns with the emergence of distributed denial of service attacks and a rising number of internet security breaches launched against servers.

Experts warn that this is a valid concern, and that more needs to be done in order to protect end users.

Sunil Varkey, Chief Technology Officer and Security Strategist, Middle East, Africa and Eastern Europe, Symantec, said: “Even as IoT adoption is in a rapid phase and may soon touch our everyday lives, security needs to be accounted for. Currently, it is not a major consideration in the development lifecycle. As such, most security practitioners are not yet familiar with security protocols for IoT, and that needs to change. Else, any exploit on the vulnerabilities or misconfigurations could lead to huge impact on safety.”

Srinivas Bhattiprolu, Senior Director-Solutions and Services, Asia Pacific-Japan, Nokia, elaborated on how threat vectors could potentially take advantage of IoT devices, explaining that lateral movements to compromise assets within the security perimeter has been on the rise. “In order to secure an end-to-end IoT system, it is necessary to clearly understand the vulnerabilities and exploits associated with specific components as well as of the system as a whole,” he explained.

3. Critical infrastructure owners should create separate networks to move essential operations off the internet

In recent years, governments and organizations across the APJ region have begun the introduction of separate networks, and have even cut off internet connection from employee devices in order to prevent potential leaks from e-mails and shared documents.

The Singapore government’s move in May 2017 is one such example in a move to prevent attackers from tapping the internet to plant malware in work devices. As for whether this is essential, experts share differing views.

“The challenges that security professionals have been facing with legacy systems is their complexity and lack of security by design, which necessitate off-network operations. This is still a common practice as it reduces critical systems exposure, providing mitigating controls, by limiting potential cyber-attacks through segregation,” said Magda Lilia Chelly, Managing Director at Responsible Cyber Pte Ltd.

Varkey however pointed out the increasing challenge of this practice. “While isolation and separation of network segments were an active defense strategy when systems and information were well within defined perimeters and enterprise networks, this might not be enough to solve challenges anymore. This is because heterogeneous multi-cloud environments see users having multiple IT personas.”

“Beyond segregation, owners and operators of critical infrastructure should make sure their systems are properly secure, patched, updated and monitored. It is too easy for an individual today to go on one of several search engines and easily find misconfigured or unpatched critical systems,” continued Varkey.

4. AI-powered systems are self-sustaining and secure by design

According to market research firm Reportlinker, the Asia Pacific region is expected to be the largest AI cybersecurity market, as a result of the high adoption of advanced technologies like IoT, big data and cloud computing. As for its ability to keep out attacks, experts warn that AI has both exacerbated advances in cybersecurity solutions and threats of cybercrime.

“We have seen recent AI deployments across cyber security solutions, where companies claim that they can detect attacks faster using the technology. Academic research proves a success rate between 85% and 99% – this all depends on the implementation, algorithms and data,” Chelly said.

“In order for AI to be successful, it requires the appropriate data input. If the data input is manipulated, or biased, new security concerns can emerge very quickly. The data inputs, and their integrity and availability present a crucial element for the AI technology,” she added.