As IoT attacks soar, Stowe rewires its network security

With Australia awash in IoT attacks, electrical contractor takes a new architectural approach to limit its internal exposure

IoT > Internet of Things > network of connected devices
Jackie Niam / Getty Images

Recognising conventional networks’ exposure to lateral movement, electrical and communications contractor Stowe Australia has introduced software-based segmentation technology that has significantly improved its resistance to east-west movement by hackers or compromised Internet of Things (IoT) equipment.

The decision to introduce Illumio’s Adaptive Security Platform came as the company considered how to protect itself against the increasingly common scenario where a hacker slips onto a company network unseen by using a legitimate user’s credentials.

Such attacks comprised 29 percent of thousands analysed for Verizon’s Data Breach Investigations Report (DBIR) 2019, which also found that outsiders perpetrated 69 percent of the data breaches.

Protection against compromise by IoT devices is particularly salient for Stowe, whose core business has rapidly evolved to include smart buildings that introduce a raft of new sensors and controls to building environments.

Given the preponderance of potential security issues with IoT equipment – and IIoT (industrial IoT) particularly used in industrial and commercial processes – Stowe group technology officer Karl Houseman said the decision to try a new security approach was a no-brainer.

“If you think your organisation is impenetrable, you’re living in a fool’s paradise,” he explained.

“We are constantly looking for ways to stay one step ahead of nefarious actors. But anti-virus is not enough because a hacker is not a virus – that’s a user, essentially, on your internal network.”

Eight out of 10 Australian organisations have experienced hacking attempts utilising their IoT equipment, according to new figures from Extreme Networks that also found the local rate to be higher than the global average of 7 out of 10 respondents.

Fully 84 percent of the 540 surveyed IT professionals said they are using IoT devices on their networks and 70 percent said they were aware of successful or attempted hacks on the devices – but more than half still aren’t using any security measures beyond default passwords.

This had perpetuated a situation where, just like Houseman, 9 out of 10 IT professionals simply aren’t confident that their network is protected against attacks or data breaches.

"Enterprise adoption of IoT, coupled with the fast rise of cloud and edge computing, is massively expanding the attack surface,” Extreme Networks director of product marketing David Coleman said in a statement. “But the single greatest cybersecurity threat today is inertia.”

“This data shows that across sectors, IT professionals are not confident in their own network security,” he continued. “Yet so many organisations still rely on the same legacy security tools they've been using for decades. It's critical for enterprises to demand multi-layered network security solutions purpose-built for the modern, hybrid enterprise."

Stowe’s investment in Illumio has allowed it to overhaul its internal network security, moving away from manually-programmed firewalls and instead using security segmentation technology that limits the spread of breaches by isolating different parts of the network.

This approach extends across the company’s data centre and cloud environments, providing the company with a robust tool for managing its exposure to potential data breaches.

“We are at ease knowing we have the visibility and protection for our most valued assets,” Houseman said. “It’s cheap for the peace of mind it gives.”

Related:

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies