Summary: Emerging regulations and shifting buyer expectations have transformed embedded security into a critical requirement. For enterprises, specialized training is critical to maintain global market access. For individuals, it is the key to career longevity in an automated world.
As devices become more connected and autonomous, protection against cyber security incidents is of paramount concern for companies aiming for global market access and consumer loyalty. In the modern digital economy, security has transitioned from a defensive cost to a primary brand differentiator. To maintain a competitive edge, technical professionals and business leaders must shift toward developing skills in embedded security, which involves reinforcing the hardware-software interface.
Catalysts for the Shift: Trust and Regulation
This widespread transformation, driven by evolving regulations as well as market demands, is why industries across the globe are reevaluating how they prioritize and develop security talent. Two changes are currently acting as catalysts for this shift:
- The “Trust Premium”: The increased willingness of consumers to pay more for devices and brands they trust to secure their data and protect their privacy, and to abandon those they don’t
- UN Regulation No. 155 (UN R155) and UN Regulation No. 156 (UN R156): Mandatory compliance measures that require automotive manufacturers and suppliers in signatory markets to implement cyber security management systems and software update management systems
Today, whether a product is a software-defined vehicle or a smart wearable, the fundamental commodity being sold is security.
Capturing the IoT Trust Premium
As smart devices integrate deeper into our private lives, the ability to protect consumers’ information is even more vital to market success. In fact, 64% of consumers report significantly higher confidence in brands that implement advanced security and data protection technologies.
To earn consumer loyalty, brands must move beyond data minimization and embrace systemic resilience. Companies must safeguard their infrastructure down to the hardware, which provides a level of protection that simple software patches can’t match. But defense is only half the battle. True systemic resilience stems from designing systems that can withstand, adapt, and recover from attacks while upskilling talent to stay ahead of evolving threats to sensitive digital information.
From Trust to Loyalty
Consumers are increasingly voting with their wallets by abandoning brands that fail to protect their digital footprints.
According to Vercara Research, 75% of consumers will abandon a brand after a cyber security incident.
This takes embedded security from a necessary feature to a driving force behind brand loyalty.
With the global smart home market projected to reach nearly US$180 billion in 2026, security has evolved from a technical checkbox into a high-stakes business requirement. For manufacturers and service providers, secure-by-design infrastructure isn’t just an ethical choice; it’s a commercial accelerator.
Measurable Impact by Design
Building trust has a clear, measurable impact on the bottom line:
- Accelerated Sales Cycles: Retailers and platform providers are tightening their compliance requirements. Companies with hardware-level security can streamline or bypass lengthy vendor audits and risk assessments, closing deals faster than less-secure competitors.
- Trust Premium: Consumers who trust a brand are more likely to pay premium prices, use extra services, and become a brand advocate, meaning security-conscious brands can command higher margins.
- Customer Retention: Following an incident or negative press, brands with a reputation for resilience are less likely to lose customers as they remain confident in the company’s ability to recover.
As household and industrial adoption of smart devices continues to rise, the demand for engineers with the specialized skills required to move from standard tech to secure-by-design products will only intensify. Position yourself or your organization at the forefront of this consumer shift by mastering the fundamentals of Internet of Things (IoT) security.
Realizing Global Ambitions for Automotive Security
The automotive cyber security market is expected to grow to US$10.4 billion by 2034. As vehicles become more software-dependent, they offer unprecedented benefits in personalization and fuel efficiency but also present new safety implications. Cyber attacks and data breaches introduce new risk vectors, threatening public safety and infringing on user privacy. These threats can be addressed through compliance with widespread regulations and gaining a better understanding of the steps necessary to secure the vehicular network.
Speeding Toward Mandatory UN R155/R156 Compliance
Automotive manufacturers and tier-one suppliers have been sprinting toward phased mandatory compliance with UN R155 and UN R156 cyber security requirements in recent years.
- UN R155 mandates that vehicles be protected over their entire lifecycle via a verified cyber security management system (CSMS).
- UN R156 requires that vehicle software update management systems (SUMS) ensure over-the-air software updates are secure.
While the U.S. is not a formal signatory of these regulations, their influence is inescapable for any manufacturer or supplier with global ambitions. Non-compliance can mean being shut out of some of the most lucrative U.S. automotive export markets. The more than 50 signatory countries include Japan, Korea, and the European Union. Even within U.S. boundaries, mastering CSMS requirements early could offer future flexibility, helping organizations avoid the considerable costs of retrofitting security into finished platforms.
How Specialization Protects the Individual and the Enterprise
For the individual, mastering new protocols and skills in cyber security offers a path to becoming an indispensable asset, with the demand for senior engineers outpacing graduation rates. While AI can automate general coding tasks, it lacks the nuanced problem-solving required to architect embedded security systems.
For enterprise leaders, internal upskilling is the most efficient bridge to meeting future market demands. Investing in your current team optimizes operational costs and fosters the loyalty to retain top performers in-house. It’s a dual win: meeting complex regulations while future-proofing the organization’s most valuable asset.
Take the Next Step in Your Technical Evolution
Whether you’re an engineer seeking in-demand skills or an employer looking to educate and grow your team, industry shifts like these have implications you can’t afford to ignore.
While 70% of organizations expect the demand for technical contributors to rise, a mere 29% currently provide the training necessary to transition staff into specialized cyber security roles. This widening gap presents a critical opportunity for business leaders and professionals alike to gain a professional edge.
To invest in your career longevity and develop your skills in these critical areas, sign up for the All About IoT Security and Automotive Cyber Security: Protecting the Vehicular Network course programs. Participants earn professional development credit and a shareable digital badge, and IEEE members receive a US$100 discount.
Or, at the enterprise level, connect with an IEEE Content Specialist today to discuss bringing IoT security and automotive cyber security training to your organization.
In today’s hyperconnected world, every click, code commit, and cloud deployment carries risk. Whether you’re an engineer, developer, technical leader, or staff member, cyber security is part of your job description.
October marks Cyber Security Awareness Month, a global initiative to raise public awareness and encourage individuals and organizations to protect themselves in the digital world. But cyber security isn’t seasonal. It’s an ongoing responsibility that must be embedded into our daily habits, professional practices, and organizational culture.
The Rising Stakes of Cyber Security
The digital transformation of industries has unlocked innovation, efficiency, and global collaboration. But it has also exposed critical vulnerabilities. As our reliance on digital systems deepens, so does our exposure to cyber threats.
Cybercrime is projected to cost businesses up to US$10.5 trillion globally in 2025, with estimates reaching US$15.63 trillion by 2029.
These figures reflect not just financial losses, but also reputational damage, operational disruption, and erosion of public trust.
Industries most frequently targeted include:
- Manufacturing: due to complex supply chains and legacy systems
- Healthcare: where sensitive patient data is a prime target
- Finance & Insurance: where breaches can have immediate monetary consequences
Cyber security is not just for tech teams. It plays a vital role across every job function and every sector.
Cyber Security Starts With You
While headlines often focus on sophisticated hacks and zero-day exploits, the reality is that up to 98% of cyberattacks involve social engineering. That means attackers are exploiting human behavior such as phishing emails, fake login pages, and deceptive messages to gain access.
This underscores a critical truth. Cyber security is not just a technical challenge, it’s a human one.
Actions Every Professional Should Take
Cyber threats don’t wait for IT teams to respond. Every role has a part to play in keeping systems safe and resilient. Here are foundational steps every professional should take:
- Embed Multifactor Authentication (MFA): Add an extra layer of protection by requiring a second form of verification beyond passwords.
- Build Secure by Design: Prioritize security from the start of any project or system development, not as an afterthought.
- Maintain Regular Updates and Patch Management: Keep software current to close known vulnerabilities and reduce exposure to threats.
- Promote Phishing Awareness: Train teams to recognize and report suspicious emails, links, and messages before they cause harm.
- Apply Least Privilege Access: Limit user permissions to only what’s necessary for their role to minimize risk.
These practices may seem basic, but they form a strong base for cyber safety.
Cyber Security Trends to Watch
As digital threats evolve, so do the strategies and priorities shaping the future of cyber security. Here are five trends professionals should keep on their radar:
- AI-driven attacks and defenses are becoming more sophisticated with machine learning powering both offensive tactics and protective technologies.
- Zero Trust Architecture is gaining traction as organizations shift toward models that verify every user and device, without assumptions or shortcuts.
- Global governance efforts are accelerating, as nations and institutions collaborate to establish unified standards for cyber resilience.
- Ethical considerations are moving to the forefront with transparency, fairness, and accountability becoming essential components of secure systems.
- Workforce development remains critical as the global demand for skilled cyber security professionals continues to outpace supply.
Technical professionals must stay ahead of these trends not just to protect systems, but to shape the future of secure innovation.
Get the Training You Need With IEEE
Amid the growing threat of cyber incidents, continuous learning is essential. The IEEE Learning Network (ILN) offers a wide range of cyber security-related course programs designed for engineers and technical professionals.
In honor of Cyber Security Awareness Month, ILN is offering a 25% discount on select courses. Use promo code CSM25 at checkout before 31 October 2025 to claim your discount.
Featured courses include:
- All About IoT Security
- Protecting Privacy in the Digital Age
- Smart City Technologies: Transformation of Cities
- Automotive Cyber Security: Protecting the Vehicular Network
Completion earns you professional development credit and a shareable digital badge, making it easy to showcase your commitment to safe, responsible practices.
Invest in the skills that will protect you and your organization!
Could your organization be the next victim of a cyber attack? Few other technological advancements have been adopted by so many people in such a short period of time as the Internet of Things (IoT). Originally used by governments as a means of sharing information, IoT was first rolled out for mainstream commercial and consumer use in the early-to-mid 1990s. Just three decades later, it’s currently amassed 5.19 billion users globally, nearly two-thirds of the world’s population.
Data industry expert Sean Mallon recently referred to IoT, defined as a global computer network enabling access to and communication with the world’s wealth of information, people, and devices, as “the most important development of the 21st century.”
The Dark Underbelly of IoT
While the Internet of Things has clearly transformed global communications, improved the speed and efficiency of information exchange for consumers and businesses alike, and impacted the fundamental way in which modern society interacts and operates, it has a dark side as well. This primarily takes the form of bad actors who capitalize on opportunities to use the technology for nefarious purposes.
Botnets
Take, for example, the use of botnets. Hackers infect these networks of private computers with malicious software. They then control the botnets remotely, directing each connected device to perform tasks without the network owners’ knowledge.
Within unsecured computers, bad actors can use botnets to deploy malware, steal personal information, and attack websites. For example, internet giants Cloudflare, Google, and Amazon Web Services narrowly avoided a disastrous attack in October 2023 when a botnet involving 20,000 computers attempted a record-large and unprecedented distributed denial-of-service (DDoS) attack on those three organizations’ websites and services.
Bad actors also use botnets as a key means of spreading misinformation. A real-life example of botnets proliferating in daily life and impacting a massive group of people was witnessed during the 2016 U.S. presidential election, when hackers used Twitter accounts to share inaccurate information that was made to appear factual and trustworthy in order to influence public opinion.
Malware
Malware (an umbrella term referring to any intrusive software that hackers develop to steal data and damage or destroy computers or systems) is yet another type of attack that can be perpetrated through IoT and any unsecured connected devices. It comes in various forms such as viruses, worms, spyware, adware, and ransomware.
Real-life examples of the threat posed by malware include what’s become known as “CovidLock,” a ransomware attack in 2020 that took advantage of people’s desire for more information on COVID to ultimately deny access to Android users’ devices unless they paid a “ransom” of US$100. In the business community, the famed “Emotet” virus in 2018 propagated financial theft of bank accounts and cryptocurrencies, resulting in damages of US$1 million to the city of Allentown, Pennsylvania and US$2 million to Chilean bank Consorcio. According to Statista, 5.5 billion malware attacks were detected globally in 2022. Experts fear that this number will only continue to grow worldwide with the proliferation of artificial intelligence (AI) tools.
Safeguard Your Company from IoT Cyber Threats
Given our global society’s ever-expanding use of the Internet of Things and connected devices, along with the growing sophistication of tools employed by hackers, is your organization adequately positioned to help prevent cyber attacks and the damage they can inflict on your company’s financial status, brand, and reputation?
All About IoT Security, an eLearning program from IEEE, is here to help you bolster your defense against this threat.
This online program recognizes that, as Internet devices and systems become increasingly commonplace in our interconnected and digitalized society, connected devices run the increasing risk of being targeted and abused as tools to facilitate other malicious activities.
Developed by IEEE Educational Activities with support from the IEEE Internet of Things Technical Community, this six-course program provides audience members with a broad overview of IoT security, starting with malware (botnet detection and malware analysis) followed by vulnerabilities, network monitoring, setting up of testbeds, and application of blockchain in IoT security.
Specifically, learners will receive instruction on challenges and opportunities in IoT security and how IoT botnets grow their networks as well as forensics of IoT malware, taxonomy when designing an IoT system for security purposes, and the application of blockchain to the IoT. The course program is ideal for engineers in the fields of product and design, communications systems, computers, software and security, artificial intelligence and machine learning.
Interested in access for yourself? To enroll in this course, visit the IEEE Learning Network.
Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization.
Resources
Petrosyan, Ani. (22 September 2023). Number of Internet and Social Media Users Worldwide as of July 2023. Statista.
Mallon, Sean. (14 May 2020). IoT is the Most Important Development of the 21st Century. SmartData Collective.
(5 December 2017). What is a Botnet? Panda.
Temming, Maria. (20 November 2018). How Twitter Bots Get People to Spread Fake News. ScienceNews.
Starks, Tim and DiMolfetta, David. (11 October 2023). The Largest Cyberattack of its Kind Recently Happened. Here’s How. The Washington Post.
What is Malware? Cisco.
Privacy By Design. Deloitte.
(4 June 2021). 11 Real and Famous Cases of Malware Attacks. Gatefy.
Panduru, Diana. (9 August 2021). 10 Malware Examples: Most Famous And Devastating Cases In History. Attack Simulator.
Petrosyan, Ani. (31 August 2023). Malware – Statistics & Facts. Statista.
By the end of 2023, reports estimate the world will have over 16.7 billion connected Internet of Things (IoT) devices. This means there will be a tremendous amount of potentially vulnerable targets if they are not properly protected. As the world continues to implement more networks, the importance of IoT security will grow in order to maintain confidence in such devices and systems.
What is IoT Security?
The Internet of Things (IoT) can be defined as the network of software-embedded objects that connect and exchange data with themselves and other devices. IoT security focuses on safeguarding connected devices and networks in the Internet of Things. In other words, this technology segment can be understood as a cyber security strategy.
The Importance of IoT Security
Because troves of valuable and private data flow through IoT devices, they are at extreme risk of cyber attacks. Every device added to a network expands its digital attack surface, which is the number of weak points where an unauthorized user can access the system. This constant exposure to potential data theft and other invasions makes the need for IoT security solutions even more crucial.
While efficient, the interconnectedness of IoT devices unfortunately adds to the threat. Through just one compromised device, a hacker can gain access to the whole system. In a corporate environment where IoT devices are deployed on the network, they have access to the company’s sensitive data and critical systems. Cyber criminals commonly target unprotected printers, smart lighting, and other office devices to gain access to the network and its data.
With IoT, the use of sensors and smart devices to collect data for smart automation specifically benefits the fields of civil engineering, urban planning, and smart cities. Understanding the impacts of the data collected can help with the safe distribution of energy, assist in new structural designs and upgrades, and support the secure interconnection of IoT within smart cities.
Who Is Responsible?
Global legislation defines who is accountable for IoT Security. In the United States, the IoT Cybersecurity Improvement Act requires government agencies to review their IoT-related risks. Agencies must also adopt best practices for security. IoT device companies are legally responsible for ensuring their products are as secure as possible. Manufacturers are at fault for compromises and vulnerabilities. Given that a company’s product developers are at the front end of these discussions, IoT security is an important skill to master.
Any technical professional, from network security engineers to project managers, can benefit from learning about the valuable craft of IoT security.
Is Your IoT Network Secure?
Ensure the reliability of your company’s IoT network! IEEE Educational Activities, in partnership with IEEE Internet of Things Technical Community, developed the course program All About IoT Security to provide insight for defending IoT networks from threats. Comprised of six courses, this online training covers the challenges and opportunities around IoT security, botnet detection, and malware forensics. The program also goes more in depth, looking at business case studies, blockchain applications, and directing network traffic.
Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization.
Interested in access for yourself? Visit the IEEE Learning Network (ILN).
Resources:
What Is An Attack Surface? Fortinet.
What Is IoT Security? Check Point.
H.R.1668 – IoT Cybersecurity Improvement Act of 2020. Congress.gov.
Sinha, Satyajit. (24 May 2023). State of IoT 2023: Number of connected IoT devices growing 16% to 16.7 billion globally. IoT Analytics.
As more governments propose data privacy laws, organizations need to renew their focus on data privacy and protecting their customers’ information. While preparing for the growing number of data privacy laws can be a complex process, organizations that stay updated with new laws will have a much easier time in today’s current environment. However, even as companies improve their systems and policies, customer information could still be at risk. According to the nonprofit Identity Theft Resource Center, nearly 300 million people were affected by 1,862 corporate data breaches last year in the U.S. alone. Past studies from the University of Maryland show that hackers launch attacks roughly every 39 seconds. Recent research shows that 95% of all security breaches were caused by human error. Knowing how to deter online threats before they gain access to your customer database or other critical information could save you and your company a lot of headaches and bad publicity.
Essential Cyber Security Tips
The first step of any cyber security outreach is awareness. At the average company, most employees are not security professionals. Therefore, you need to make sure they are aware of their security responsibilities. Employees will be more inclined to adhere to security procedures if they know the benefits of doing so (and the consequences of failing to meet security measures).
According to Forbes, here are five steps you can take to protect your company and your data from exposure:
- Update your software and apps regularly
- Start using multi-factor authentication
- Implement device use policies
- Limit network and data access
- Train your employees
Investing in employee awareness ensures business continuity and protects confidential or sensitive information from hackers. However, it is important to note that because cyber threats constantly evolve, employees need continuous refreshers on protecting company data. Companies should conduct regular training sessions to help employees stay on top of the latest security trends and allow healthy discussion of any issue, potentially in a more open forum so that other employees can weigh in on the issue’s importance.
What are some of the ways that your organization is protecting digital privacy for its customers?
Cyber Security and Data Privacy Training for Your Organization
Privacy has emerged as a critical aspect of our increasingly digitized world. Technological innovations are becoming progressively more intrusive in our personal lives, attempting to extract sensitive personal information. This is often detrimental to an individual when a breach or spillage of data leads to a severe impact such as financial loss or identity theft.
Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques. Contact an IEEE Account Specialist today to get access to the course program for your organization. Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.
Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).
Resources
Daniels, Jodi. (8 November 2022). Five Tips for Cybersecurity and Data Protection In Small Businesses. Forbes.
Huddleston, Tom. (20 October 2022). These cybersecurity tips from a former hacker can make you 98% less vulnerable: ‘You’re raising the bar’. CNBC.
Paul, Shibu. (10 November 2022). Key cybersecurity tips for staff and employers to safe when working remote. Time of India.

At the most basic level, digital transformation involves using digital technologies to change a business process to become more efficient or effective. It can involve many things, whether it’s process automation, a new website, improved user experience, or a migration to the cloud. The idea is to use technology not to replicate an existing service in a digital form, but to transform that service into something significantly better. Does your organization have a digital transformation strategy in place?
A recent study by Mordor Intelligence valued digital transformation at US$263 billion, and it is projected to reach US$767 billion by 2026. Since the COVID-19 pandemic, unpredictability has become the new normal in nearly every sector of business. Gartner’s forecasts indicate that IT spending will reach US$4.4 trillion this year. Leveraging digital transformation can help businesses build resilience to accelerate their growth, remain competitive, and take advantage of unique market opportunities.
Broad Culture Shifts for Companies
Changing business processes and corporate culture are just as vital to the success of digital transformation as the technical implementations. Company culture can heavily impact employees’ perception of change, and an unresponsive culture can result in wasted time and money.
According to an article on ZDNet, there are five skills every company needs to achieve successful transformation:
- Digital fluency – Depending on the industry, digital fluency can range from a basic knowledge of Microsoft Suite to an in-depth understanding of cloud computing.
- Data analytics – Data analysis skills are needed to process data and use it in a way that’s both permissible and productive.
- Digital marketing – Marketing skills are essential in engaging your customer base and ensuring a product’s financial success.
- Cyber security – Cover potential risk areas by hiring those with cyber security skills.
- Leadership – Company leaders should possess a multitude of “soft” skills, such as expertise in communication, influence, empathy, and strategic thinking.
Digital transformation is about investing in a complete transformation of the business to increase the competitiveness and value of the organization. To increase the growth and ROI of technology investments, companies must be proactive in developing a digital transformation strategy that details the intended transformation of processes, work styles, and more.
Creating a More Sustainable Business
Digital transformation has played a key role in enabling remote working. There is a growing focus on leveraging IoT technologies to drive a seamless experience for the employees while creating carbon-neutral office spaces. Digital transformation has also helped employees to focus less on manual, monotonous activities and instead channel their efforts into more purposeful work thereby enabling a better work-life balance.
Sustainability and digital transformation initiatives impact one another in tandem. A sustainable business model alongside a digital business model makes sense, because transforming business processes to be more data-driven and efficient inevitably improves sustainability. Companies should start by renovating their economic models, work processes, and communication paradigms.
Start Your Digital Transformation Journey
It’s important to prepare for your organization’s digital transformation journey beforehand. Check out Digital Transformation: Moving Toward a Digital Society, a five-course program from IEEE that provides the background knowledge needed to smartly implement digital tools into organizations.
Contact an IEEE Account Specialist to get organizational access.
Check it out for yourself on the IEEE Learning Network.
Resources
Charpentier, Laurent. (23 August 2022). Decades Into The ‘New’ Millennium, Finance Teams Still Struggle With (Lack Of) Digital Transformation. Forbes.
Ene, Carmen. (25 August 2022). The Next Frontier of Digital: Technology as A Sustainable Business Asset. Forbes.
Ganapathi, Chidambaram. (8 August 2022). Digital transformation is paving the way for a sustainable workplace. The Times of India.
Kenkare, Pallavi. (10 August 2022). Digital transformation: Top 5 skills you need to succeed. ZDNET.
Ramalho, Tiago. (22 August 2022). Why You Can’t Have Digital Transformation Without Sustainability. Readwrite.
Samuels, Mark. (5 August 2022). What is digital transformation? Everything you need to know about how technology is changing business. ZDNET.
Williams, Daniel. (18 August 2022). How CIOs can approach digital transformation investments to increase value. TechRepublic.
Not all hackers are criminals. In fact, ethical hackers – security experts who infiltrate networks and computer systems with authorization from their owners – are increasingly being hired to identify vulnerabilities in cyber security systems and help organizations stop cyber crime before the attacks happen.
The need for ethical hackers is rising alongside increasing waves of cyber crime. According to Accenture’s recent State of Cybersecurity Resilience report, cyber security attacks grew 31% between 2020 and 2021, with organizations receiving 270 attacks in 2021. IBM’s “Cost Of Data Breach Report,” published last year, found that such breaches cost businesses an average of US$4.24 million, the highest recorded in the report’s 17-year history.
According to Indeed.com, an ethical hacker’s job consists of three main roles:
- Assessing security: Periodic assessments that include seeking vulnerabilities and suggesting ways to reduce risks
- Threat modeling: Identifying what areas to focus on when securing the system (evolves alongside new applications and circumstances)
- Documentation: Reporting findings with clear, well-written documentation
Ethical Hackers Say Industrial Sector Must Evolve on Cyber Security
One area where ethical hackers are increasingly needed is the industrial sector. As ComputerWeekly reported, a team of ethical hackers from the Netherlands recently won the Pwn2Own international hacker contest for spotting weaknesses in a number of industrial control systems. With the industrial sector currently undergoing a digital revolution, such vulnerabilities could potentially unleash wide-scale security breaches.
The ethical hackers, Daan Keuper and Thijs Alkemade, who won the same contest last year for identifying weaknesses in a widely-used teleconferencing platform, unearthed five vulnerabilities in applications used to manage systems or control communication. What they discovered revealed that the industrial sector’s tradition of separating IT and OT networks is no longer sustainable, since machines and equipment in a digitized industrial control system will all be connected.
The industry will not easily solve this problem. Much of today’s machinery and equipment is old and ill-equipped to handle modern security needs. Moreover, the IT network typically acts as the primary security source. Once breached, the OT network vulnerabilities make it “relatively easy to take over machines, modify processes or bring the whole thing to a standstill – with far-reaching consequences,” Alkemade told ComputerWeekly.
Keuper compared current security strategies to a castle surrounded by a moat, wall, and gates.
“That works really well if you only have one or two drawbridges, because you can guard them well,” he said. “But in today’s digital networks, you have like a thousand drawbridges. That’s impossible to monitor or secure.”
What can the industrial sector do to make its networks more secure? According to Alkemade and Keuper, IT and OT network professionals must start working together to better understand security needs. Because IT and OT have conflicting interests, with IT prioritizing confidentiality and OT prioritizing availability, the hackers concluded that this will require the industry’s culture to evolve.
As systems and networks become more connected, cyber crime is guaranteed to get worse. Is your organization aware of all the potential vulnerabilities in its network? Consider hiring ethical hackers or training your technical team to find them.
Supporting IT Departments
Designed to help businesses understand the weak points in their cyber security infrastructure, Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks is an eight-course program from IEEE. It is ideal for mid/advanced technical professionals across all industries in IT, computer science, and related fields, as well as executives who need a working knowledge of ethical hacking.
Contact an IEEE Account Specialist today to learn more about training your organization using this course program.
Interested in learning more about this topic for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Loohuis, Kim. (31 May 2022). Industrial systems not safe for the future, say Dutch ethical hackers. ComputerWeekly.com.
Indeed Editorial Team. (17 May 2022). How To Become an Ethical Hacker (2022 Guide). Indeed.
(2021). State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture.
From healthcare to supply chains, the decentralized nature of blockchain has the potential to fundamentally restructure the way organizations do business. Once fully implemented, it will also make the internet far more secure against cyber attacks – and give users greater control over their personal data.
How Does Blockchain Make the Internet More Secure?
Centralized networks are often vulnerable to cyber attacks because they tend to have few IP addresses, which hackers can easily penetrate using relatively simple schemes such as phishing. Once in, cyber criminals can do extensive damage, as recently demonstrated by waves of ransomware attacks costing companies an average of $4.24 million USD. However, the decentralized nature of blockchain presents a possible solution, as these complicated networks are far more difficult for hackers to access.
“For those blockchain solutions utilizing proof of work validation methods (such as bitcoin), hackers have to gain control of a majority of nodes to compromise ledger transactions — something that is, by design, computationally expensive,” Robert Napoli, a business strategist who writes about cybersecurity and digital transformation, wrote in Forbes. “This computational cost can be extended to other types of operations in a security scheme, reducing the need for a trusted central authority.”
Transitioning internet domain name servers (IDNs), which link web browsers to websites, to the blockchain, for instance, would disperse resources “to multiple nodes, making it infeasible for hackers to control the database,” Napoli adds. He noted that blockchain can be secured even further with the help of artificial intelligence technology.
Blockchain, Decentralized Identity, and Digital Identity Wallets
Aside from making networks more secure, blockchain technology can also give users a decentralized online identity that shields their personal data against breaches. According to Deepak Gupta, a cyber security innovator, tech strategist, and cofounder of LoginRadius, writing in VentureBeat, a decentralized identity “is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.”
With a decentralized identity (DID), users have digital “identity wallets” that store proof of their identity in a single location, which they can use to grant or deny access to third parties on the network. Not only do identity wallets give users an easier, more secure way to share their information, they also give users greater power over their own data.
According to Gupta, authentication through decentralized identity and blockchain includes the following steps:
- The identity wallet contains the user’s verified identity details, including their name, age, address, education, employment details, and financial data. This creates a foundation of trust and confirms the user is eligible for authentication.
- The decentralized identity feature uses the public key associated with the private key and publishes it onto a distributed ledger like blockchain.
- As the decentralized system delivers the public key to the blockchain, the identity wallet receives a unique decentralized identifier representing the user across the internet.
- The user shares this identifier with the service provider to get authentication.
- The service provider seeks the shared identifier in the blockchain. If and when this is found, the blockchain then sends matching data to the application. The user then completes authentication by adding a signature using a private key.
- The service provider application verifies authentication, allowing the user to take action.
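The steps above can be traced end to end in the following added example, which is not code from Gupta's article or from any DID product. It assumes an in-memory `Map` as a stand-in for the distributed ledger, a hypothetical `did:example:` identifier derived from a hash of the public key, and a per-login nonce challenge as the message the user signs.

```javascript
const crypto = require("node:crypto");

// Stand-in for the distributed ledger: identifier -> published public key (PEM).
const ledger = new Map();

// Wallet side: create a key pair, publish the public key, receive an identifier.
function createWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const pem = publicKey.export({ type: "spki", format: "pem" });
  // Assumption: the identifier is a hash of the public key under did:example:.
  const fingerprint = crypto.createHash("sha256").update(pem).digest("hex");
  const did = "did:example:" + fingerprint.slice(0, 32);
  ledger.set(did, pem);
  // The private key never leaves the wallet; only a signing function is exposed.
  return { did, sign: (message) => crypto.sign(null, Buffer.from(message), privateKey) };
}

class ServiceProvider {
  constructor(name) {
    this.name = name;
    this.pending = new Map(); // did -> outstanding challenge
  }
  // Look the identifier up on the ledger; issue a one-time challenge if found.
  challenge(did) {
    if (!ledger.has(did)) return null;
    const nonce = crypto.randomBytes(16).toString("hex");
    const message = `${this.name}|${did}|${nonce}`;
    this.pending.set(did, message);
    return message;
  }
  // Verify the signature with the ledger's public key; a challenge is single use.
  verify(did, signature) {
    const message = this.pending.get(did);
    this.pending.delete(did);
    if (!message) return false;
    const key = crypto.createPublicKey(ledger.get(did));
    return crypto.verify(null, Buffer.from(message), key, signature);
  }
}

// Constructed scenario: one genuine login and four attempts that must fail.
function demo() {
  const alice = createWallet();
  const other = createWallet();
  const provider = new ServiceProvider("shop.example");
  const results = { unknown: provider.challenge("did:example:unregistered") };
  const signature = alice.sign(provider.challenge(alice.did));
  results.genuine = provider.verify(alice.did, signature);
  results.replayed = provider.verify(alice.did, signature);
  provider.challenge(alice.did); // fresh nonce, so the old signature is stale
  results.staleSignature = provider.verify(alice.did, signature);
  results.wrongKey = provider.verify(alice.did, other.sign(provider.challenge(alice.did)));
  return results;
}

console.log(demo());
```

Binding the signed message to the provider name and a fresh nonce is what keeps a captured signature from being reused at a later login or at a different service.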
The decentralized nature of blockchain has the potential to revolutionize cyber security, but will also come with radical changes. Is your organization prepared to take on this complex technology?
Designing Blockchain Solutions
Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology; the expected benefits of a blockchain solution; how a solution would benefit a prospect company; and more.
Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.
Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Gupta, Deepak. (5 March 2022). Decentralized identity using blockchain. VentureBeat.
Napoli, Robert. (4 March 2022). How Blockchain Could Revolutionize Cybersecurity. Forbes.
As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics. Their aim may be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” TechRadar reported.
Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN and consistently monitor networks and endpoints. Furthermore, they should review security policies, user agreements, and patching procedures.
Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)
As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR.
Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization.
The group alleges that the companies’ use of Google Analytics was not in line with the requirements of the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement, a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)
According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible.
“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene.
More Organizations Fined
The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR. These include appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.
While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?
Data Privacy Engineering
As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.
Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).
Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.
AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.
Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.
Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.
(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.
Since 2020, waves of ransomware attacks have battered both private and government sectors. To combat this, the U.S. government has released a strategy aimed at pushing federal agencies to boost their cyber security efforts.
According to CNN, the plan aims to integrate a “zero-trust” approach to cyber security, a philosophy which dictates that a network should trust nothing outside its confines. Under this approach, federal employees will have to go through numerous layers of security to sign into agency networks. It will also require organizations to keep a complete inventory of electronic devices on their networks.
The plan, announced in a memo by the Office of Management and Budget at the end of January, comes on the heels of a cyber security executive order signed by U.S. President Joe Biden in May 2021. Agencies will have until the end of 2024 to meet these requirements.
The U.S. government is also taking steps to secure the country’s water supply, which, according to The Washington Post, spans 150,000 water utilities. As reported by ZDNet, the Industrial Control Systems Cybersecurity Initiative — Water and Wastewater Sector Action Plan will set up a leadership task force from across the water utility industry, launch incident monitoring pilot programs, enhance information sharing, and offer technical support to water systems that need assistance.
Survey Finds Three Major “Perception” Gaps Between Security-Focused Executives
The private sector is also taking steps to prioritize cyber security. However, according to the Global Cybersecurity Outlook 2022, which surveyed more than 120 global cyber leaders, there are some differences in how security-focused executives perceive cyber security matters within their organizations. According to the World Economic Forum, these “perception gaps” include:
1. How much cyber security is prioritized in business decisions:
While 92% of surveyed business executives thought cyber security is “integrated into enterprise risk management strategies,” only 55% of security-focused executives agreed.
2. Obtaining cyber security support from leadership:
While 84% of respondents said cyber resilience is seen as a business priority in their organization that is supported and directed by leadership, only 68% saw it as a major component of their risk management. Many leaders charged with cyber security reported they were not being consulted on business decisions. This disconnect could detrimentally affect security.
3. Recruiting and retaining cyber security professionals:
59% of respondents said it would be challenging to respond to a cyber security incident due to their teams lacking skills. As such, most respondents saw recruiting and maintaining talent as their biggest challenge. However, business executives seemed “less acutely aware” of the gap between the skills possessed by staff and the skills needed.
Given these findings, executives should take steps to ensure they are incorporating the perspectives of their cyber security leadership in business decisions, and should also ensure they are prioritizing cyber security in all aspects of their decision making.
Improving Cyber Security in Your Organization
Are you facing perception gaps that are hindering your cyber security practices? What are your cyber security resolutions for the coming year and beyond? Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.
Contact an IEEE Account Specialist today to get access to the course program for your organization.
Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.
Resources
Lyngaas, Sean. (26 January 2022). White House attempts to strengthen federal cybersecurity after major hacks. CNN.
Bissell, Kelly and Pipikaite, Algirde. (18 January 2022). What you need to know about cybersecurity in 2022. World Economic Forum.