Professor Göte Nyman coined the phrase the ‘Internet of behaviors’ (IoB) in 2012. Nyman’s premise was that technology could be used to track individuals’ behavior and used to build a picture to determine what is driving that behavior. Garter has reignited interest in IoB, citing it as one of 2021’s top strategic technology trends. However, when any technical capability starts to gain attention, there are often those looking for ways to exploit the new technology for malicious purposes. IoB could inadvertently introduce new risks that security leaders will need to manage. So what can security teams do to detect and mitigate them?
As consumers go about their daily activities, there is a prevalence of internet-powered devices (IoT) capturing information and uploading it to waiting databases. Commercial and personal devices, and applications, such as smartwatches, GPS trackers and meal tracking apps– to name just a few– are tracking everything. And the information is often stored in massive data lakes.
The other piece to this puzzle is the widespread adoption of 5G infrastructure. This facilitates the communication power of these devices, enabling the transfer of vast volumes of data easily and seamlessly.
From a commercial perspective, mining this collective data provides a wealth of intelligence that means individuals can be targeted with relevant goods and services for positive business marketing. However, this same data can be used by threat actors.
The power of IoB
In 2020, the first real-world implementations of IoB started to materialize globally, as track and trace apps were developed in response to COVID-19. While the intention of the app was evident, the implementation was less successful in many regions. As an illustration, in the UK, the NHS contact-tracing app was initially launched and then suspended in March [2020] blamed on technical failings and issues around the centralization of the collected data. A second, blue-tooth enabled, app was launched in September [2020] with reports that it had been downloaded by 10million users by the end of the month. However, in April [2021], Google and Apple both blocked updates for the app due to privacy concerns.
The use of geographical telemetry to track and trace people for the purpose of fighting pandemics is just one example of how IoB can be utilized. The belief is that IoB could also deliver benefits to numerous other areas of our lives. However, collecting information about our activity using facial recognition, public sector collected data, automatic auto plate recognition used on many major roads in the UK, social media activity, and more also presents serious risks for personal data security.
While there are many persons that point to the substantial benefits delivered as a result of this collective data, what shouldn’t be ignored is the risk that these data lakes can be targeted by attackers. We’ve already seen massive data breaches where user names, passwords and credit card details have been exposed. Behavior-based IoB data could be misused by cybercriminals to build detailed profiles of individuals to support targeted attacks more effectively through personalization.
The power of 5G
The computational power of 5G will play a big role in powering IoB. In 2021, mobile operator, 02, confirmed its ultrafast 5G based mobile broadband network was now live across 150 UK towns and cities, with further reach planned over the remainder of the year. More IoT and smart-enabled devices will likely come online, bringing with them greater convergence between IT and OT as the environments collide. The resultant speed and functionality is exciting, but what needs to be remembered is that this power can also be harnessed by cyber attackers. With data flowing continuously through a potentially vulnerable 5G infrastructure, both users and service providers must team up to prioritize security measures and build an ecosystem of trusted vendors.
This is all relatively new, and it must be recognized that we have yet to see specific attacks against IoB datasets powered by 5G, but that doesn’t mean it won’t happen!
History has taught us that threat actors see any and every widely adopted technology as an opportunity. Attacks against IoT devices, that form the backbone of IoB, are already numerous and ingenious. In tandem, attacks against communication channels are also widely documented.
The common thread that connects the dots is that these cyberattacks are facilitated by insecure code – both within the communication channel, the device, or the infrastructure housing the data.
Taking everything into account, there are measures that can be adopted to successfully secure devices and data that will power IoB:
- Effective planning and architecture: Clearly defined data security strategies must be tailored to the needs of the company collecting IoB telemetry data. In tandem, security leaders need to understand how, and where, to focus remedial actions based on the business risk should these data be exposed. This saves time and ensures that security always takes business needs into account. It’s also important to consider what, if any, third-party access to networks is allowed, and infrastructure-as-a-service (IaaS) provider access. Access to critical systems and data should be restricted through controls and privileged access management.
- Unified risk-based view of the data environment: IoB data will be obtained from a vast array of personal devices (aka assets) in a number of geographic locations. organizations collecting this information need to have a unified view of the extended risks for data across all devices – those in existence today and being developed for tomorrow. This increases the importance of authenticated vulnerability scanning with agents and passive monitoring, integrated into the CMDB (Configuration Management Database). This makes it possible to evaluate assets that are often offline (and thus invisible to active scans) by using large scan windows when assets finally connect to the network. Since the unknown cannot be protected and managed, the visibility of assets is critical.
- Focus on the Critical Risks: With the thousands of vulnerabilities being discovered every day in corporate environments, security teams don’t have time to determine which to focus on first. Companies therefore need solutions that help them better understand the actual, rather than the theoretical, effects of vulnerabilities. This means that security operations must be both risk-based and prioritized. Leveraging threat intelligence, vulnerability analysis and probabilistic data enables security officers to focus on the risks that are critical. Predictive risk-based prioritization saves time and resources to focus on critical risks. This becomes a crucial aspect in the complex IoB environment with many devices and risks. Knowing what is important saves time and resources.
- Security integration: Security integration must be guaranteed across applications, critical data, cloud-based assets, development, network infrastructure and operating technology. Security managers should consider protecting their Software-as-a-Service (SaaS) applications through a Cloud Access Security Broker (CASB) in addition to strong vulnerability management. CASB may manage configuration controls, but vulnerability management is also critical for cloud-based assets. You should also try to integrate all SaaS solutions into a single, central identity and access management solution.
A holistic, adaptable, security approach
Threat actors will be attracted by the sensitive IoB data flowing continuously through the 5G infrastructure. While attacks have yet to materialize, what we’ve seen with IT, IoT and OT attacks means it’s just a matter of time. It is essential that all organizations that form the chain powering IoB – from device vendors, infrastructure providers and organizations looking to capture and process the data, all take a holistic security approach to identify, address and close potential attack paths created by these new capabilities.
Given the interdependencies of networks, this is not easy, but all parties must join forces to combat these emerging threats. Collaboration will make it possible to prioritize security measures and build a trustworthy ecosystem. Visibility, prioritization, and planning should be the pillars of data security relied upon to create a secure foundation for IoB technology.
Adam Palmer, Chief Cybersecurity Strategist, Tenable
