Patrick Dennis Keynotes Enfuse: IoT, social media, mobile devices demand new security tools, tactics
Security | May 24, 2016
“The time has come for forensic and security investigators to break down the door to IT departments and help them prepare for a coming data crime wave that will require companies to spend up to 60 percent of security budgets on data breach response by 2020,” said Guidance Software CEO Patrick Dennis in his opening keynote at Enfuse, the company’s 16th annual cybersecurity and forensic investigation conference.
Citing analysts from Gartner and Piper Jaffray showing that prevention efforts are being overwhelmed by the swarms of hackers attacking their systems, Dennis painted a bleak picture of more to come during the next five years. He pointed to expanding mobile and Internet of Things (IoT) use creating a much larger “surface area” of risk and vulnerability to entities protecting personally identifiable data for their customers and constituents.
Exacerbating the trend is a distinct lack of data forensic experts qualified to fight an ever-expanding underworld of criminals who can exploit those vulnerabilities from anywhere around the globe, thanks to persistent connectivity of computers and mobile devices.
New risks are only expanding that surface area, led by social media, which not only open doors for the bad actors but also are providing law enforcement investigators more data for evidence gathering. But also, the very workforce trends that are giving many employees boosts in both independence and productivity are making things tougher for the teams in charge of protecting their networks.
“I don’t see companies giving up the benefits of mobile technologies to their businesses, and I also don’t see a clear path to resolving the criminal use of these technologies, either,” Dennis said, leaving those entrusted with risk management, data security and forensics investigation in an increasingly difficult positions. “We need to assume we will see more mobile commerce, more mobile workers, and more criminal use of mobile technology.”
An even larger surface area of risk is the IoT, in which machine-to-machine communications, such as industrial control systems, digital billboards and other sensor-based systems are run on poorly secured, easily hacked systems including Ubuntu and Debian Linux. These soon will become the targets of organized criminals, if they aren’t already. Reminding the 1,500 Enfuse attendees of the axiom, “If it can be connected to the Internet, it can be hacked,” it’s becoming clear that with the IoT, everything’s connected to the Internet, and therefore everything can get hacked.
While the picture might seem bleak, Dennis emphasized, it’s an opportunity for those data security experts to get a seat at the decision-making table for determining budget spends for software and programs that will help minimize risk, shore up endpoint security and of course, find breaches faster through forensic tools, stop them, and mitigate the damage more quickly.
“I’m grateful for those of you who are responsible for protecting our digital borders – that’s a really, really big deal,” Dennis added. “It’s a more difficult job in a connected world.”