Converged security management: The key to mitigating cybersecurity risks
The IoT revolution has come about thanks to falling component prices, global mobile device adoption, improvements in telecoms infrastructure and the rise of application programming interfaces (APIs). Unsecured and therefore vulnerable devices are now easily searchable through the online vulnerability search engine Shodan, among many other means. A series of cyber-attacks targeting such devices as conduits to wider corporate networks has exposed the complacency of some manufacturers over cybersecurity.
The consequences of successful breaches, namely the loss of sensitive data and potentially multi-million pound fines levied for breaches of the forthcoming Global Data Protection Regulation (GDPR), mean the issue is finally getting the attention it warrants. The arguably lower standards of security for consumer devices are a problem, as is the use of third-party suppliers who may not take security as seriously as they should. According to the Department of Homeland Security, this inter-connectedness of devices introduces cyber-physical technologies that connect cyber systems to physical systems, thereby removing the barrier between the cyber and physical worlds, but the greater connectivity also expands the potential attack surface for malicious actors.
Author bios
James Willison BA MA MSyI
James is founder of Unified Security Ltd and vice chair of the ASIS European Convergence/ESRM committee. James was awarded the Imbert Prize for an outstanding contribution to the Security Industry in 2011 for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has worked with BP, Loughborough University, Mitie TSM, the EU and AXIS Communications on convergence. He is an ISACA Academic Advocate and a member of the draft ASIS/ISACA/ISC(2) Security Awareness Standard Working Group. Unified Security Ltd provide consultancy to organisations on how to align their physical and information security functions. This encompasses security policy, common reporting processes, converged security risk assessment, training courses and white papers.
Sarb Sembhi CISM
Sarb is CTO and CISO at Virtually Informed, and has previously been a CTO and CISO for the Noord Group. A former consultant in risk and security, Sarb has also worked with the London Chamber of Commerce and Industry Defence and Security Committee and its cybersecurity working group. Other roles have included president of the ISACA London Chapter, chair of ISACA International GRA Region 3 Sub-Committee, chair of ISACA International GRA Committee, ISSA UK Advisory Group member and InfoSecurity Magazine Editorial Group member. Sarb has also served on several security standards groups and speaks at risk and security events around the world. Sarb was shortlisted in IFSEC Global's Top 50 influencers in security & fire 2017: Cybersecurity.