Finding the Needle in the Lawful Intercept Haystack

Modern encryption techniques have resulted in Law Enforcement and Intelligence Agencies losing the benefits that came from carrying out Lawful Intercept activities. Indeed the time required to investigate a lawful intercept PCAP file for relevant and useful information is now such that should any artefact be found, it is almost certainly found long after the time when the information could have been at its most useful.

Communications channels have gone way beyond the simple calls and text messages of the past. The proliferation of messaging apps (WhatsApp, Signal, Telegram etc.), the ability to send messages via social media platforms (Facebook, Nextdoor, Instagram etc.) and the use of video communication platforms (FaceTime, Zoom etc.) have resulted in a very complex environment to investigate and analyse when looking for that particular artefact that will break the case, or that specific piece of intelligence that will lead the investigators to where they need to go. And this is before you add the problem that all investigators have when these communications are encrypted.

Additional information and intelligence you may want to know is which websites have been visited, when, with what frequency, for how long, etc. Another thing that Wireshark won’t do for you here, but a good LEA workflow will, is assign each website to a category: is it Ads, Shopping, Food, Travel, Furniture, Pornography, Social Networking, Political Ideology, Terrorism, etc.?

What is required is a tool that examines the lawful intercept network data (most likely a PCAP) and synthesises the output into a clear website profiling view. When that kind of analysis takes seconds and can be immediately reflected from a large collection of PCAPs, then we’re really cooking on gas. 

Today, Lawful Intercept of data services can still be an effective tool against communication apps. What is being said is lost to unbreakable encryption, but that is often not what is needed to progress an investigation. Each call leaves a digital footprint in the packet captures, and that is clearly visible to the right tool, regardless of whether that app is WhatsApp or some obscure dialler you have never heard of. Some of these applications are quite challenging to ‘fingerprint’ within the network noise, but the right application of machine learning can classify these applications with high confidence.

If you would like to find out more about how to find that Needle in the Lawful Intercept Haystack and work in Law Enforcement or Intelligence, then subscribe to Digital Forensics Magazine and read the full article, and join Sandvine for a Live Demonstration of Digital Witness.

Digital Witness Webinar Registration (sandvine.com)


7 Technologies To Watch in 2023

How IoT Solutions Are Taking Tech Into The Future

By Matthew Margetts, Director, Smarter Technologies

The Internet of Things (IoT) is becoming a household name – and one that has found unique applicability in not only our homes, but in our businesses, workplaces, and cities. The number of installed IoT devices is expected to surge to around 30.9 billion units by 2025. The myriad of different forms of technology has the potential to provide incredible business value.

They are vital tools for digital transformation and datafication – and their power lies in performance improvements, as well as problem-solving capabilities. IoT’s importance as a technology trend this year and into the future is the role it plays in the successes of other technologies. For business owners looking to drive evolution, keeping a finger on the pulse of the latest IoT trends is important for agility into 2023 and beyond.

WHAT IS IoT?

Broadly speaking, IoT is the ecosystem of internet-connected smart devices and technologies in our homes, cities, and workplaces that continuously collect data.

IoT FACTS AND FIGURES IN 2022 AND BEYOND

There are more than 7 billion connected IoT devices currently in operation.

By 2030, 75% of all devices are expected to be IoT.

Worldwide IoT spending is anticipated to reach $1 trillion and this growth rate is predicted to continue in 2023 and beyond.

WHY IS IoT IMPORTANT?

A Quick View of the Benefits of IoT in Business

IoT solutions help to build resilient supply chains

Improved health, wellbeing, safety, and security

Optimised asset usage and maintenance

Reduced overheads

Improved communication and engagement

Meaningful sustainability and environmental advances

TECHNOLOGY TRENDS: POWERED BY IoT

1. Remote Monitoring

According to McKinsey, the COVID-19 pandemic accelerated the adoption of digital technologies by seven years. Off the back of global lockdowns, this naturally includes the requirement for remote monitoring and the move towards automated systems. These IoT-based technologies are being adopted to transform everything from building monitoring and machine performance to building occupancy and machine learning.

2. Modular Smart Technologies Solutions

The preference for individual devices performing multiple functions has given way to networks of devices. This network of devices creates a modular system of individual utilities and processes. The result is a granular view of whole operations, which works toward holistic network benefits.

3. Data Analysis

Data is arguably one of the top strategic tools for businesses. High-quality data plays a role in designing business strategy (what can be monitored can be more effectively managed) and ensuring the integrity of supply chains. Through alerts around deviations from “normal” data sets, real-time action is also inspired, which can avert disaster and save costs.

Data also has the ability to inspire high-level compliance, machine learning, customer service, maintenance schedules, safety and security. Additionally, it gives invaluable insights for the purposes of gauging return on investment and preventing wastefulness.

4. Artificial Intelligence, Machine Learning, and Visual Inspection

The concepts of artificial intelligence, machine learning, visual inspections, and automation are becoming increasingly commonplace. These functions are all best guided by data insights – removing the unpredictability and margin of error from human processes.

5. Advanced Networks

As IoT technologies evolve, so too do the networks around them. Improved speed, security, and reliability of networks and connectivity infrastructure are the precursor to IoT sensors, wearables, smart cities and homes.

6. Smart Buildings, Smart Cities

IoT and smart technologies are being used to optimise various functions within the city environment. This is being done as a means of creating a more engaged public and improving everything from public transport systems to responsible and environmentally conscientious resource utilisation.

IoT technologies and smart technology solutions have also found their way into businesses, buildings, healthcare, retail, agriculture, and manufacturing. IoT technologies stand to have a bearing on many different facets of these different sectors. This includes vaccination cold chains, predictive maintenance for enhanced equipment management, transport and logistics. The applications are endless – and are easily tailored to the specifics of a project or long-term strategic objective.

7. Digital Twins 

Digital twins are virtual replicas of a physical product, process, or system that bridge the physical and digital worlds. Today’s digital twins use sensors to collect real-time data about a physical item, which is used to create a virtual duplicate of the item. The digital duplicate can be optimised, manipulated and analysed to test different scenarios in a risk-free environment.

WHAT ARE THE CHALLENGES FOR IoT?

Security

According to Kaspersky research published in the first quarter of 2022, 43% of businesses have unprotected IoT infrastructure – and cybersecurity concerns remain a barrier to IoT systems implementation (as reported by 57% of surveyed businesses).

As IoT devices become more prevalent – and as our reliance on them increases – so security concerns take on renewed importance. Gartner reports that 20% of organisations have experienced cyber attacks on IoT devices over the past three years.

Chip Shortages

The supply of semiconductor chips for IoT solutions has been put under strain by the high demand in recent times, resulting in a chip shortage. This is expected to limit IoT growth by 10-15% in 2022. The good news is that public and private sector efforts by the European Union are designed to meet the challenges of the shortage and make way for achieved growth potential.

Latency

Traditionally, the optimal effectiveness and speed of data transmission of IoT technologies has hinged on bandwidth capabilities. Network advances will ensure not only that data is transmitted in real time as required by many applications, but also that this process is done securely.

ABOUT THE AUTHOR

Matthew Margetts is a Director at Smarter Technologies. His background includes working for blue-chip companies such as AppNexus, AOL/ Verizon, and Microsoft in the UK, Far East and Australia.


Cyber Outstanding Security Performance Awards (OSPAs) – Nominations Closing Soon

Entries for the 2022 Cyber OSPAs are open until 15th August

For any enquiries please email enquiries@theospas.com

The categories and criteria for the Cyber OSPAs are listed below.

Please note that it is important that all the entry criteria are covered in the submission, as judges can only provide their scores against the information that is submitted on the entry. External links and attachments are not permitted.


University of Warwick Wins Veracode’s First-Ever Hacker Games

Next Generation of Developers Establish Secure Coding Skills Through Two-Week Competition

BURLINGTON, Mass. – March 31, 2021 – Veracode, the largest global provider of application security testing (AST) solutions, announced today the winner of its first-ever Hacker Games competition, which challenged students to hack and patch real-life apps online. WMG Cyber Security Centre at the University of Warwick was crowned the winner and awarded a $10,000 charitable donation after successfully completing 1,854 challenges over the course of two weeks, while Tufts University took second place and a $5,000 donation. In addition, each individual player from the winning teams and overall top scorers won prize money.

Professor Tim Watson, Director of the WMG Cyber Security Centre at the University of Warwick, said, “The Hacker Games were a fantastic way to promote secure software development and provided our students with a highly challenging experience. The labs are tremendous resources and we will be encouraging our students to take advantage of them to further their skills and experience. We are very grateful to Veracode for creating such a wonderful environment and competition.”

Setting Future Software Developers Up for Success

By empowering the next generation of software developers to write secure code, the Veracode Hacker Games aim to help plug the cybersecurity skills gap. The two-week collegiate competition saw nearly 90 computer science and cybersecurity students from leading universities across the U.S. and U.K. complete hands-on challenges in Veracode Security Labs. Altogether, participants solved a total of 8,500 labs and accumulated nearly 100,000 points.

Chris Wysopal, Founder and Chief Technology Officer at Veracode, said: “The cybersecurity skills gap is proving costly to corporations worldwide. The Hacker Games are a way for us to demonstrate the importance of secure coding to the next generation of software developers. The passion, competitive spirit and commitment from each participating university was impressive and we’re excited to work with each of these schools to make software security a more regular part of their curriculum.”

All participating universities in the Hacker Games will be given complimentary Veracode software for a year. For more information about the universities and teams, visit www.hackergames.io.

About Veracode

Veracode is the leading independent AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. 

Veracode serves 2,500 customers worldwide across a wide range of industries. The Veracode solution has assessed more than 25 trillion lines of code and helped companies fix more than 59 million security flaws. Learn more at www.veracode.com, on the Veracode blog, and on Twitter.


UK Cyber Security Council Begins As Independent Body

The Cyber Security Alliance-led Formation Project has created an umbrella body that will grow to champion cyber security education, training and skills

LONDON – March 31st 2021 – The UK Cyber Security Council – the self-regulatory body for the cyber security education and skills sector – today announced that the Formation Project to create the Council has completed, allowing the Government-mandated Council to officially become an independent entity, fully and only accountable to its Trustees.

The Council will champion the cyber security profession across the UK, providing broad representation for the industry, accelerating awareness and promoting excellence in the profession. It will do this by delivering thought leadership, career tools and education resources to the cyber security sector and those seeking a career in the industry, alongside helping influence government, industry and academia with the aim of developing and promoting UK cyber security excellence globally and growing the skills base.

Dr Claudia Natanson, chair of the Council’s Board of Trustees, said: “The Formation Project has put down solid foundations on which the Council can build, and that is what the Council is able to, and will do, from today. The next few months will be especially busy; we are now able to hire and start work on gaining traction and momentum across and beyond the profession. We’ll also be engaging with Government to ensure the delivery of the standards and governance needed to ensure a strong cyber security profession now and in the future. The trustees assure all those involved in the Council to date of our maximum efforts to take their work forward.”

Near-term tasks for the Council include:

  • the appointment of a permanent leadership team, who will work with the Board of Trustees to establish the Council as a leader in the profession, influencing its standing and reputation within the UK and globally; and
  • the recruitment of personnel to take forward the work of the Formation Project on elements of the Council’s remit, including recognition for cyber security practitioners, professional ethics, diversity and inclusivity in the profession and thought leadership

Dr Natanson also thanked the Cyber Security Alliance and the member organisations that supported the Formation Project. “For twenty months, scores of volunteers from the 16 forward-thinking organisations of the Cyber Security Alliance have devoted countless hours to getting the Council to this date. We cannot thank them enough, because without them there would be no Council. In the teeth of a pandemic, to reach this date with the Council on schedule is remarkable,” she said.

Dr Budgie Dhanda, managing director of 3BDA and co-chair of UK Cyber Security Council Formation Project, said: “The volunteers from the members of the Cyber Security Alliance have put heart and soul into the Formation Project, and the members of the Alliance itself have supported their staff all the way. We’re all very proud of what we’re handing over today and look forward to its evolution into a fully functioning, effective Council to represent our profession through the changes ahead.”

Dr Bill Mitchell OBE, chair of the Cyber Security Alliance, said: “Today marks a significant milestone for the many people who are today and will be in the future handed the enormously important task of protecting the United Kingdom and its economy from cyber threats that undermine the foundations of modern society. Handing over the Council to its trustees is the culmination of over four years of commitment to a shared vision and shared values of public benefit from 16 organisations that came together in recognition of the breadth of skills and disciplines that go into this task. Now a new profession for the UK can be officially recognised and supported. The Alliance remains fully committed to supporting the new Council and ensuring it succeeds at the pace and with the reach the UK needs as we recover from the pandemic and find our place outside the EU.”

The Council has been invited by the NCSC to participate at CYBERUK, the UK government’s flagship cyber security conference in May. It will outline some initial plans at the event.

History of the Council to date

  • In November 2016, the UK Government’s National Cyber Security Strategy 2016-2021 set out “the UK Government’s plan to make Britain secure and resilient in cyberspace”.
    It included ambitions to develop and accredit the cyber security profession by: “…reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.”
  • In December 2018, the Government’s Initial National Cyber Security Skills Strategy policy paper specifically prescribed a new, independent body: the UK Cyber Security Council.
    The policy stated that: “Our ambition is for there to be a new, independent UK Cyber Security Council that will embolden the profession to structure and develop itself in a way that meets current and future demands. The Council will be charged with the development of a framework that speaks across the different specialisms, setting out a comprehensive alignment of career pathways, including the certifications and qualifications required within certain levels. The Council will lay the structural foundations of the cyber security profession that will enable it to respond to the evolving needs of industry and the wider economy.”
  • In August 2019, the Department for Digital, Culture, Media and Sport (DCMS) appointed the Cyber Security Alliance following a competitive tender process, with the Institution of Engineering and Technology (IET) serving as the lead organisation, to design and deliver the UK Cyber Security Council.

The Cyber Security Alliance
The Cyber Security Alliance brings together a range of established knowledge and disciplines, each of which currently has a leadership role in underpinning UK expertise in the digital environment.  With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of cyber security, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy, including the stated intent to recognise professionals through Chartered status. Members include:

About the UK Cyber Security Council
The UK Cyber Security Council is the regulatory body, and voice, for UK cyber security education, training and skills. It drives progress towards meeting the key challenges the profession faces and develops, promotes and stewards nationally recognised standards for cyber security qualification and learning. The Council, working closely with the National Cyber Security Centre (NCSC), the UK’s national technical authority for cyber security, supports the UK Government’s National Cyber Security Strategy to make the UK the safest place to live and work online.

The establishment of the Council by the Cyber Security Alliance consortium of cyber security professional bodies was commissioned by the Department for Digital, Culture, Media and Sport (DCMS) in September 2019.


British Army Digital Forensic Specialists Win Two Top International Awards

A British Army Sergeant and digital forensics expert and a forensics team from the British Army’s Royal Military Police (RMP) have proved they are the best in their field, having won two top awards at the International Digital Investigation Awards 2020. The IDIA celebrates innovative action by law enforcement agencies from around the world.

The virtual ceremony hosted nominations from world renowned organisations including the Federal Bureau of Investigation (FBI) and the Metropolitan Police in categories including digital forensic techniques, collaborative investigation and digital investigator of the year, to name a few.

Use of Advanced Digital Forensic Techniques Award

Sergeant James Stubbs, of the Service Police Cyber Crime Centre (SP3C) scooped the Exceptional Use of Advanced Digital Forensic Techniques Award, beating other highly skilled specialists and team finalists from the Metropolitan Police Service Cybercrime Unit and Leicestershire Police’s Digital Media Intelligence unit.

On receiving the award, Sgt Stubbs said: “I’m delighted to have been nominated and to have won the award for what was a challenging and rewarding investigation. Details of the techniques I used have been requested by INTERPOL Cyber Crime, raising SP3C’s profile internationally.

“I am also proud of SP3C, SPCB, FIIU and FIB for receiving the award for Collaborative Investigation, both awards have provided positive exposure of the Service Police and its efforts to our international counterparts,” he said.

Sgt Stubbs was nominated for his ground-breaking work in carrying out digital forensic investigations to support a US Service Police CID investigation into a sudden death in Iraq in 2019. He was able to retrieve the data from the deceased’s very damaged fitness watch, despite the fact that there was no forensic support for this type of device at the time.

RMP digital forensic investigator at work.

This was of immense importance for the investigation, meaning that time and place of death could be established, enabling the investigators to determine whether any criminal activity had occurred.

More broadly, Sgt Stubbs’s work will also benefit the wider law enforcement community as his work has significantly enhanced understanding of how to forensically analyse such devices, so could be used in future cases to determine time of death and posthumous movements in sudden death or murder cases.

Team Collaborative Award

The RMP Specialist Operations Regiment was recognised in the Team Collaborative Award for its work alongside members of the Royal Navy Police Special Investigation Branch (RNP SIB) in extracting, decoding and interpreting electronic information from a number of devices seized as part of an investigation into alleged possession of indecent images of children.

Corporal Sam Ward, Royal Military Police, and Chief Petty Officer (Master at Arms) Jason Briant, Royal Naval Police, both of Spec Ops Regiment RMP.

Spec Ops Regt continued to support the investigation when jurisdiction was passed to Northumbria Police. As a result, a former serviceman was sentenced to 14 years in jail, made subject to a sexual harm prevention order, a restraining order for life and is on the sexual offender’s register for life.

The team was shortlisted alongside Op BLEAK (a collaboration between North West Regional Organised Crime Unit, the National Cyber Crime Unit and the Australian Federal Police), and National Undercover Online.

‘Best of the best’

Brigadier Viv Buck, Provost Marshal (Army) said: “I am incredibly proud that the RMP has won two awards in the International Digital Investigation Awards 2020, particularly against such high-quality competition from other UK and international law enforcement agencies.

“This is a true reflection of the credibility, competency and excellence of the Service Police team working in digital forensics; they truly are among the best of the best.”


UK Government Announces New UK Cyber Security Council

The UK Government announces new UK Cyber Security Council “to boost career opportunities and professional standards for the UK’s booming cyber security sector”.

The new UK Cyber Security Council announced today by the UK Government follows an initiative started in the 2015 UK National Cyber Security Strategy “developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy”. Though the aim for the Council to achieve Royal Chartered status by 2020 has not been met, the achievement of establishing the Council is certainly a major step forward.

Following the publication of the 2015 National Strategy in early 2016 the WCIT and BCS worked to bring together a group of 17 organisations to form the Cyber Security Alliance.

The Cyber Security Alliance Members

This Alliance recognised that the establishment of the council, whilst much needed, could also be significantly disruptive if full engagement with industry professionals and academia was not carried out. The Alliance set out to engage with DCMS and NCSC as discussions and public consultations were carried out. The result was the Alliance being awarded a grant and contract in August 2019 to establish the UK Cyber Security Council through its lead member the IET following an open competition process.

The time and effort contributed by individuals from both Alliance member and non-Alliance member organisations is hard to quantify, but is significantly greater than the amount of grant funding awarded. That the council development has reached such an advanced stage within the contracted timeframe is a testament to their professionalism and commitment.

The Council is to be formally launched on the 31st March 2021

Work continues to prepare for the launch. The launch is but the end of the project to deliver the council; the real work then begins to establish the Council as a credible professional body that will represent those who work in the cyber security industry. DFM wishes the new trustees, charged with firmly establishing the council and moving it forward, good luck in their endeavours.


Digital Forensics Specialist (Video)


SALARY – Circa £37,305 plus £3,406 location allowance

You will receive £37,305 the band minimum. Progress to the band maximum of £41,811 will be via incremental progression. 
LOCATION – London, SE1

The Digital, Cyber and Communications (DCC) department is undergoing significant changes. It’s all to improve the way we deliver digital forensics services to the MPS and the Criminal Justice System. We’re aiming to offer three different levels of service. As part of this, we’re introducing digital forensic kiosks into custody suites and opening small labs across London. This is a rare chance to be part of the Central Digital Forensics laboratory and help bring criminals to justice – all while developing a unique skill-set.

You’ll be crucial to our vision, as you’ll help us to enable complex investigations, and develop new tools to meet the needs of future technologies. An expert in your field, you’ll be a valuable member of the Forensic Video department, able to interpret digital forensic submissions and provide detailed reports. Confident in the recovery of deleted or corrupted video material, you’ll reverse engineer everything from CCTV recorders to phones – creating compilations for court presentation. With outstanding communication skills, you’ll also oversee a small team and provide peer reviews against ISO 17025 standards.

To join us, you need to be confident with all types of video technology and forensics techniques. With second-to-none expertise, you’ll have proven experience in presenting evidence, working on criminal investigations and attending court. And committed to constantly improving technical practices and procedures, you’ll be dedicated to keeping track of emerging trends.

To apply, please visit our website to download a role specific information pack and application form.

Completed applications must be returned by 17 March 2017.

Please note we are only able to review the first 50 applications received.

We view diversity as fundamental to our success. To tackle today’s complex policing challenges, we need a workforce made up from all of London’s communities. Applications from across the community are therefore essential.

www.metpolicecareers.co.uk


Beebone takedown is only half the battle, warns OpenDNS

Following confirmation that the Beebone botnet had been sinkholed last week, OpenDNS IT Pro Owen Lystrup warns that this is just the first step in stopping these infected machines:

“While the difficult effort of stopping the botnet is complete, it is only the first step to ensuring security for those affected. The next, and perhaps more crucial, steps are to shut down the servers involved and clean the infected endpoints. As we’ve seen before with cases like Kelihos, botnets can resurface after a dormant period.
“The interagency sinkhole essentially chops the botnet’s capability at its knees. However, unless they have been thoroughly cleaned, the endpoints compromised are still very much infected. The sinkhole merely means outbound traffic intended for what were formerly command and control (C&C) IPs will now get dropped. This result is positive. It means those infected machines will no longer receive instructions from a malicious server – for now.”

Dhia Mahjoub, senior security researcher at OpenDNS, has spent a great amount of time researching botnets like Kelihos and Zbot, which have similar characteristics to Beebone, and he’s fully aware of the challenges involved with stopping them. “Sinkholes are good for telemetry, which will measure the extent of the threat,” he said. “Step two is for law enforcement to actually take down the involved servers, and to clean the endpoint machines.”

After the press release announcing the takedown, the OpenDNS security research team used the preliminary data to map the known infrastructure and compare it using its own unique view of DNS traffic on the internet. Analysis from OpenDNS shows traffic requests to these formerly malicious domains are still at very high levels. The continued significant traffic to these domains suggests that cleanup efforts have not been effective yet.

In conclusion, Dhia said, “Cleanup is incredibly difficult because the burden lies on the individuals using infected machines, or their ISPs. It’s a huge effort and very expensive. But without it, botnets can potentially pick up where they left off.”
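The article's point is that a sinkhole only cuts infected machines off from their controllers, and that continued DNS requests for the sinkholed domains show cleanup is incomplete. As an added example (not OpenDNS tooling and not part of the original article), the following Python finds which internal clients in a resolver log are still querying sinkholed domains; the domain names, log format and dates are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed placeholder domains (lowercase); the article does not list
# the real sinkholed Beebone domains.
SINKHOLED_DOMAINS = {"c2-placeholder-one.example", "c2-placeholder-two.example"}

# Constructed resolver log, assumed format:
#   <ISO-8601 UTC time> <client IP> <query name> <query type>
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.0.21 www.example.org. A
2024-01-10T09:00:05Z 10.0.0.34 C2-Placeholder-One.example. A
2024-01-10T09:05:05Z 10.0.0.34 a1.c2-placeholder-one.example. A
2024-01-11T11:30:00Z 10.0.0.57 c2-placeholder-two.example AAAA
2024-01-18T08:15:42Z 10.0.0.34 c2-placeholder-two.example. A
2024-01-18T08:16:00Z 10.0.0.88 notc2-placeholder-one.example. A
this line is malformed and must be skipped
"""


def normalise(qname):
    """Lowercase the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def matches_sinkhole(qname, sinkholed):
    """True if qname is a sinkholed domain or a subdomain of one.

    Suffixes are compared on label boundaries, so a look-alike such as
    'notc2-placeholder-one.example' does not match.
    """
    labels = normalise(qname).split(".")
    return any(".".join(labels[i:]) in sinkholed for i in range(len(labels)))


def parse_line(line):
    """Return (time, client, qname, qtype), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, client, qname, qtype = parts
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when.replace(tzinfo=timezone.utc), client, qname, qtype


def find_infected_clients(log_text, sinkholed):
    """Map each client that queried a sinkholed domain to its activity."""
    report = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        when, client, qname, _qtype = parsed
        if not matches_sinkhole(qname, sinkholed):
            continue
        entry = report.setdefault(
            client,
            {"queries": 0, "first_seen": when, "last_seen": when, "domains": set()},
        )
        entry["queries"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["domains"].add(normalise(qname))
    return report


def still_beaconing(report, cleanup_deadline):
    """Clients still querying sinkholed domains at or after the deadline,
    i.e. endpoints where cleanup has not yet been effective."""
    return sorted(
        client
        for client, entry in report.items()
        if entry["last_seen"] >= cleanup_deadline
    )


if __name__ == "__main__":
    found = find_infected_clients(SAMPLE_LOG, SINKHOLED_DOMAINS)
    for client, entry in sorted(found.items()):
        print(client, entry["queries"], entry["last_seen"].isoformat())
    deadline = datetime(2024, 1, 15, tzinfo=timezone.utc)
    print("not yet cleaned:", still_beaconing(found, deadline))
```

The per-client first and last timestamps are what make the sinkhole useful as telemetry: a client whose last query predates the cleanup deadline has probably been remediated, while one that keeps querying has not.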

A graph visualising this traffic is available here:


Malware Statistics Tool Lists Top 100 Searched for Threats

OPSWAT, provider of solutions to secure and manage IT infrastructure, announced the release of a new statistics feature for their free anti-malware multi-scanning service, Metascan® Online. The newly-released malware statistics page provides a list of the 100 most searched for threats from the past week, including detailed scan results. The statistics page is updated daily and provides the ability to track the scan history of a given threat, giving researchers insight into how malware detection rates grow over time.

The Metascan Online data can be used to investigate the current threats generating the most searches, as well as to monitor the detection rate of new threats. OPSWAT CEO Benny Czarny expressed excitement over the research and data analysis possibilities created by the new technology, stating that “the Metascan statistics tool provides information about the malware samples in our database, giving malware researchers the ability to dig into the types of threats that are currently circulating as well as track how the detection of new threats changes over time.”


To reduce the risk of false positives, at least five of Metascan Online’s 40+ anti-malware engines must flag the file as a threat for it to be included. According to Product Manager for Metascan Online, Ronald Melencio, five engines seemed to be the “sweet spot” for detection. He went on to say that “we were concerned about false positives, but if the minimum is set too high we could eliminate real, new, interesting threats.”

The statistics page provides a nearly real-time visualization of the value of multi-scanning. No single anti-malware engine detects 100% of threats 100% of the time, but using multiple engines to scan for threats allows users to take advantage of the strengths of each individual engine and to guarantee the earliest possible detection. While the data included on the statistics page shows only a subset of the most common threats in the wild and utilizes only the Windows-based anti-malware engines in Metascan Online, it provides an indication of the variability of detection rates of common malware by the anti-malware community.


OPSWAT elicited feedback from their partners within the anti-malware and malware research community as they developed this new feature in the hopes that it would provide information that was interesting, but not misleading for consumers. It is important to note that the detection data comes from static analysis performed by Software Development Kit (SDK) and Command Line Interface (CLI) package versions of the anti-malware engines included in Metascan Online and not from endpoint desktop applications which may be capable of enhanced behavioral and other dynamic analysis. Detection rates, therefore, may differ significantly from commercial endpoint performance. Therefore, the data should not be used for comparative analysis of desktop or server anti-malware applications. To discourage such comparisons, OPSWAT has chosen to anonymize the scan engine names.

About Metascan Online

Powered by OPSWAT’s Metascan technology, Metascan Online is a free online scanner that scans files for malware using more than 40 commercial anti-malware engines from leading security vendors such as Kaspersky Lab, McAfee, AVG, Avira and many others. The Metascan Online API allows users to programmatically upload and scan files or to search for previous scan results using a file’s hash (MD5, SHA1 or SHA256). By utilizing the hash lookup functionality, users can easily see if the file has previously been scanned by Metascan Online and get the scan results without sending the file over the Internet to be scanned.
