Professor Gott Niemann coined the phrase “internet of behaviors” (IoB) in 2012. Niemann’s hypothesis was that technology could be used to track the behavior of individuals and used to build a picture to determine what was driving that behaviour. Garter has rekindled interest in IoB, noting that it is one of the most important strategic technology trends in 2021. However, when any technology ability begins to gain attention, there are often those who are looking for ways to exploit new technology for malicious purposes. IoB can inadvertently introduce new risks that security leaders will need to manage. So what can security teams do to detect and mitigate them?
As consumers go about their daily activities, there is a proliferation of Internet-enabled (IoT) devices that capture information and upload it to waiting databases. Business and personal devices and apps, such as smartwatches, GPS trackers, and meal tracking apps — to name a few — track everything. Information is often stored in huge data lakes.
The other piece of the puzzle is the widespread adoption of 5G infrastructure. This facilitates the connection strength of these devices, enabling the transfer of huge amounts of data easily and smoothly.
From a business perspective, mining this collective data provides a wealth of intelligence which means that individuals can be targeted with relevant goods and services for positive business marketing. However, this same data can be used by threat actors.
The power of IoB
In 2020, the first real-world applications of IoB began to appear globally, as tracking and tracing applications were developed in response to COVID-19. While the intent of the implementation was clear, the implementation was less successful in many areas. As an illustration, in the UK, the NHS contact tracing app was initially launched and then suspended in March  Blame it on technical malfunctions and issues related to the centralization of collected data. The second blue-toothed app was launched in September  With reports that it was downloaded by 10 million users by the end of the month. However, in April Both Google and Apple have blocked app updates due to privacy concerns.
Using geotelemetry to track and trace people for the purpose of fighting epidemics is just one example of how IoB is being used. The common belief is that IoB can provide benefits to many other areas of our lives. However, collecting information about our activity using facial recognition, public sector data, automatic plate recognition used on many major UK roads, social media activity, and more also presents serious personal data security risks.
While there are many people pointing to the intrinsic benefits generated by this mass data, what should not be ignored is the risk of these data lakes being targeted by attackers. We’ve already seen massive data breaches where usernames, passwords, and credit card details have been exposed. Cybercriminals can misuse behavior-based IoB data to build detailed profiles of individuals to more effectively support targeted attacks through personalization.
The computational power of 5G will play a huge role in the operation of IoB. In 2021, mobile operator 02 confirmed that its ultra-fast 5G-based mobile broadband network is now in place in 150 UK towns and cities, with more access planned over the remainder of the year. It is likely that more of the Internet of Things and smart devices will be made available online, bringing with them greater convergence of IT and operational technology as environments collide. The resulting speed and functionality are exciting, but what needs to be remembered is that this power can also be used by online attackers. With data constantly flowing through the potentially vulnerable 5G infrastructure, both users and service providers must collaborate to prioritize security measures and build an ecosystem of trusted vendors.
This is all relatively new, and we should be aware that we haven’t yet seen specific attacks against 5G-enabled IoB datasets, but that doesn’t mean it won’t happen!
History has taught us that threat actors see any widely adopted technology as an opportunity. The attacks against IoT devices, which are the backbone of IoB, are already numerous and impressive. In parallel, attacks on communication channels have been widely documented.
The common thread connecting the dots is that these cyberattacks are facilitated by insecure code – whether within the communication channel, the device, or the infrastructure that contains the data.
With everything in mind, there are measures that can be adopted to secure the devices and data that will successfully operate the IoB:
- Effective planning and architecture: clearly defined data security strategies should be tailored to the needs of the company collecting IoB telemetry data. Hand in hand, security leaders need to understand how and where to focus corrective actions based on business risks should such data be disclosed. This saves time and ensures that security always takes business needs into consideration. It is also important to consider what, if any, third party access to the networks is allowed, and the access of the Infrastructure as a Service (IaaS) provider. Access to critical systems and data must be restricted through privileged access controls and management.
- Risk-based, unified view of the data environment: IoB data will be captured from a wide range of personal devices (also known as assets) in a number of geographic locations. Organizations that collect this information need a unified view of the risks spanning data across all devices – those of today and those that are being developed for tomorrow. This increases the importance of validated vulnerability scanning using proxies and passive monitoring built into CMDB (Configuration Management Database). This makes it possible to evaluate assets that are often offline (and therefore not visible to active scans) using large scan windows when assets finally connect to the network. Since the unknown cannot be protected and managed, visibility of the assets is critical.
- Focus on critical risks: With thousands of vulnerabilities discovered every day in corporate environments, security teams don’t have time to decide which ones to focus on first. Therefore, companies need solutions that help them better understand the actual, rather than theoretical, effects of vulnerabilities. This means that security operations must be risk-based and prioritized. Leveraging threat information, vulnerability analysis, and probabilistic data, enables security officers to focus on critical risks. Risk-based predictive prioritization frees up time and resources to focus on critical risks. This becomes an important aspect in a complex IoB environment with many devices and risks. Knowing what’s important saves time and resources.
- Security integration: Security must be integrated across applications, critical data, cloud-based assets, development, network infrastructure, and operating technology. Security managers should consider protecting SaaS applications with a Cloud Access Security Broker (CASB) in addition to managing strong vulnerabilities. CASB may manage configuration controls, but vulnerability management is also important for cloud-based assets. You should also try to integrate all SaaS solutions into one central identity and access management solution.
Comprehensive and adaptive security approach
Sensitive IoB data constantly flowing through the 5G infrastructure will attract threat actors. While the attacks haven’t materialized yet, what we’ve seen with IT, IoT, and OT attacks means it’s only a matter of time. It is imperative that all organizations that make up the IoB chain of operation—from hardware vendors, infrastructure providers, and organizations looking to capture and process data—take a comprehensive security approach to identify, address, and block potential pathways of attack created by these new capabilities.
With networks interconnected, this is not easy, but all parties must join forces to combat these emerging threats. Cooperation will make it possible to prioritize security measures and build a trustworthy ecosystem. Vision, prioritization, and planning should be the data security pillars that are relied upon to create a secure foundation for IoB technology.
Adam Palmer, Chief Cyber Security Strategist, defensible (Opens in a new tab)