Cybersecurity Can Protect Data. How About Elevators?
Business Lab
English - July 12, 2021 15:59 - 32 minutes - ★★★★ - 24 ratingsTechnology Business technology business innovation mit mit technology review technology review management artificial intelligence Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Advanced cybersecurity capabilities are essential to safeguard software, systems, and data in a new era of cloud, IoT, and other smart technologies. In the real estate industry, for example, companies are concerned about the potential for hijacked elevators, as well as compromised building management and HVAC systems.
According to Greg Belanger, vice president of security technologies at CBRE, the world’s largest commercial real estate services and investment firm, securing the enterprise has grown more complex—security teams must be familiar with controls and hardware on new devices, as well as what version of firmware is installed and what vulnerabilities are present. For example, if an HVAC system is connected to the internet, he questions, “Is the firmware that’s running the HVAC system vulnerable to attack? Could you find a way to traverse that network and come in and attack employees of that company?”
Understanding enterprise vulnerabilities are crucial to safeguard physical assets but investing in the right tools can also be a challenge, says Belanger. “Artificial intelligence and machine learning need large sets of data to be effective in delivering the insights,” he explains. In the era of cloud-first and industrial internet of things (IIoT), the perimeter is becoming far more fluid. By applying AI and machine learning to datasets, he says, “You start to see patterns of risk and risky behavior start to emerge.”
Another priority when securing physical assets is to translate insights into metrics that C-suite leaders can understand to help boost decision-making. CEOs and boards of directors, who are becoming more security savvy, can benefit from aggregated scores for attack surface management. “Everybody wants to know, especially after an attack like Colonial Pipeline, could that happen to us? How secure are we?” says Belanger. But if your enterprise is able to assign merit to various features, or score them, then it’s possible to measure improvement. Belanger continues, “Our ability to see the score, react to the threats, and then keep that score improving is a key metric.”
And that’s why attack surface management is critical Belanger continues, because “we're actually getting visibility to CBRE as an attacker would, and oftentimes these tools are automated. So we're seeing far more than any one hacker would see individually. We're seeing the whole of our environment.”
This episode of Business Lab is produced in association with Palo Alto Networks.
Advanced cybersecurity capabilities are essential to safeguard software, systems, and data in a new era of cloud, IoT, and other smart technologies. In the real estate industry, for example, companies are concerned about the potential for hijacked elevators, as well as compromised building management and HVAC systems.
According to Greg Belanger, vice president of security technologies at CBRE, the world’s largest commercial real estate services and investment firm, securing the enterprise has grown more complex—security teams must be familiar with controls and hardware on new devices, as well as what version of firmware is installed and what vulnerabilities are present. For example, if an HVAC system is connected to the internet, he questions, “Is the firmware that’s running the HVAC system vulnerable to attack? Could you find a way to traverse that network and come in and attack employees of that company?”
Understanding enterprise vulnerabilities are crucial to safeguard physical assets but investing in the right tools can also be a challenge, says Belanger. “Artificial intelligence and machine learning need large sets of data to be effective in delivering the insights,” he explains. In the era of cloud-first and industrial internet of things (IIoT), the perimeter is becoming far more fluid. By applying AI and machine learning to datasets, he says, “You start to see patterns of risk and risky behavior start to emerge.”
Another priority when securing physical assets is to translate insights into metrics that C-suite leaders can understand to help boost decision-making. CEOs and boards of directors, who are becoming more security savvy, can benefit from aggregated scores for attack surface management. “Everybody wants to know, especially after an attack like Colonial Pipeline, could that happen to us? How secure are we?” says Belanger. But if your enterprise is able to assign merit to various features, or score them, then it’s possible to measure improvement. Belanger continues, “Our ability to see the score, react to the threats, and then keep that score improving is a key metric.”
And that’s why attack surface management is critical Belanger continues, because “we're actually getting visibility to CBRE as an attacker would, and oftentimes these tools are automated. So we're seeing far more than any one hacker would see individually. We're seeing the whole of our environment.”
This episode of Business Lab is produced in association with Palo Alto Networks.