The Health of the IoT Depends on Cyber Security

It's time to change the framing around what cyber security means and how to adequately maintain the health of our digital networks.
By Rebecca Lawson
Nov 01, 2016

Here's a pop quiz: When you hear the term "cyber security," what comes to mind?
1. Crime
2. Disease

If you picked the first choice, I'm not surprised. Most people think of cyber security in terms of criminal activity (cyber theft), civil unrest (hacktivism), and spying or espionage (state-sponsored activities). But I would argue that while associating cyber security with crime seems quite natural, instead comparing it to public health and fighting disease is a more useful paradigm.

If we approach cyber security as an issue of digital disease, with the antidote as healthy networks, we might actually gain ground in protecting ourselves from the effects of malicious cyber activity.

In other words, cyber security is a public digital health issue.

Consider personal health: We all know that exercising, eating healthy foods and taking care of our social needs contributes to well-being and enables us to live longer. Maintaining excellent health requires unwavering focus and dedication for all aspects of our well-being. Similarly, cyber security is an ongoing part of a company's culture that demands constant vigilance and maintenance.

Organizations must emphasize situational awareness and ask themselves, "Do we know what the risks are, and do we have a strategy in place to respond to the wide variety of risks in existence today?" Only when we treat cyber security as a state of being—as our system's health—are we cyber-ready and resilient in the face of increasingly sophisticated attacks.

According to the SANS Institute's SANS 2016 State of ICS Security Survey, organizations are increasingly taking a reactive approach to cyber security, such as by waiting for vendors to provide patches once a bug is detected. In 2015, 37 percent of respondents took that approach, but that has now grown to 47 percent.

Organizations should not sit and wait for vendors and suppliers to alert them to a potential incident. This is particularly true for industrial organizations with vulnerable operational technology (OT) environments. OT-driven companies should work with vendors to recognize and respond to threats, but not rely on them alone. Instead, they must actively monitor internal traffic and industry alerts, as well as implement threat-detection and -protection tools.

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations