By Goh Chee Hoh, Managing Director, Trend Micro Malaysia
We've all heard about the inevitability of digital transformation. Technologies such as Internet of Things (IoT), big data analytics, blockchain, and mobile computing are reinventing business efficiency and promoting revenue growth. A study by Microsoft and IDC Asia/Pacific predicts that digital transformation is to contribute US$10 billion to Malaysia’s gross domestic product (GDP) by 2021, while 96% of Malaysian jobs are reported to be transformed in the next three years due to digital transformation.
Amidst the big picture of digital transformation, the Internet of Things (IoT) has been a buzzword with new incarnations of connectivity via any device, any path and any business anywhere at any time. For example, executives at a smart factory can access real-time data and analytics of what is happening along the manufacturing line and supply chain in order to gauge productivity, efficiency and predictive maintenance.
As enterprises continue to take advantage of all that the IoT can offer, it's also important to ensure that these sensors and endpoints of the connected devices are properly protected. The massive IoT botnet malware – Mirai and Persirai attacks that hijacked IoT devices since 2017 have elevated the conversation of how vulnerable and disruptive these connected devices can be. Recently, the IoT botnet Reaper, which is based on the Mirai code, has been found to catch on as a means to compromise a web of devices, even those from different device makers.
Here are a few measures organizations must take towards preserving and securing their IoT system:
Audit IoT devices before connecting to the network. Check the levels of encryption each IoT device uses, and see whether it has the necessary authentication features, before connecting to the network.
Find vulnerabilities and address them before they are exploited. Perform penetration tests to assess for vulnerabilities, especially those that may have been unforeseen during the design phase of IoT systems and devices.
Keep software and patches up to date. Even if an IoT device was designed for security and privacy, vulnerabilities may still be discovered, given that cyberthreats continue to evolve. These vulnerabilities can be mitigated by security updates and patches.
Consider if continuous connectivity is necessary. IoT users must consistently consider if a device must remain connected to a network. Decreasing the number of IoT devices connected to a network can reduce the risks of disruption through these very devices.
Employ cybersecurity protection that can help secure the network. Make use of cybersecurity technologies that can help protect the entire system, including the devices, the network, and the cloud.
The increasing connectivity and expanded attack surface afforded by the IoT present opportunities for cybercriminals looking to hijack devices and hack into networks. Digital transformation without an equivalent security transformation is leaving organizations more vulnerable than ever. As companies continue to embrace digital transformation, they must focus on a comprehensive and thoughtful approach to security in order to minimize business risk.
 IDC, Unlocking the Economic Impact of Digital Transformation in Asia Pacific, February 2018.