Shifting focus: Internet of Things (IoT) from the security manufacturer's perspective


Published on 27 Nov 2018

The term Internet of Things (IoT) has almost been beaten to death at this point, as more and more security integrators, manufacturers and customers take advantage of the ability to increase connectivity between devices (and therefore take on the dangers this introduces). But the methods by which we interact with the IoT and protect its devices are still catching up, which means security manufacturers must take part in shifting their focus toward safeguarding data, engaging in vulnerability testing of products and incorporating stringent protections at every stage of the product development process.

Who is responsible for IoT security?

One small leak or breach on a single connected device can potentially cause significant damage across an organisation, creating a disruption within a company, affecting its assets, employees and customers. The continued question seems to be: Who is ultimately responsible for the security of IoT devices? In a recent survey from Radware, a provider of application delivery and cybersecurity solutions, there was no clear consensus among security executives when asked this question. Thirty-five percent of respondents placed responsibility on the organisation managing the network, 34 percent said the manufacturer and 21 percent chose the consumers using the devices as being primarily responsible. Several schools of thought exist for each:

The Organisation

It's not surprising that most people see the organisation as the main stakeholder for IoT security responsibility; after all, if a company is managing a network, one would expect it to protect the network as well. One way that the organisation can embrace this responsibility is by adopting a user-centric design with scalability, tactical data storage and access with appropriate identification and security features (for example, the use of multilevel authentication through biometrics in access control). Organisations must also use their IT team to strengthen the overall cybersecurity of the IoT by keeping up with the latest software updates, following proper data safety protocols and practicing vulnerability testing.

The Manufacturer

Manufacturers that provide IoT-enabled devices as part of a security system must be fully knowledgeable of the risks involved and effectively communicate them to the integrator or end user. Providing the necessary education and showing dedication to protecting users of its equipment makes a manufacturer more trustworthy and understanding in the eyes of an end user. Ensuring encryption between devices is a key step that manufacturers can take to work toward achieving complete protection in the IoT.

The User

Despite the protection delivered by the organisation and manufacturer, there's always the option for IoT security to be enhanced or possibly even diminished by the individual user. It's critical that best practices for data protection are in place every time an individual uses a device that is connected to the network. These include disabling default credentials, proper password etiquette, safe sharing of sensitive information and the instinct to avoid any suspicious activity or requests.

The short answer to the responsibility question is this: everyone. Each sector has a responsibility to contribute to the protections needed for IoT-enabled devices. However, as a manufacturer, it is imperative that our teams think about each level of protection when developing products for public consumption, including how the organisation implements the technology and how the integrator engages in training with users.

Manufacturer vulnerability testing

One way that manufacturers can implement added protections against outside threats is by boosting their attention to security protocols in the product development stage. For some, this requires a different approach in the design and development of security systems. Identifying vulnerabilities is at the core of this. A security vulnerability in a product is a pattern of conditions in the design of a system that is unable to prevent an attack, resulting in weaknesses of the system such as mishandling, deleting, altering or extracting data. Increased connectivity makes these vulnerabilities more of a liability, as IP-enabled (or networked) devices are more likely to be breached by outsiders looking to permeate an organisation and collect valuable data.

While some of these hacks are a little more simple in nature, such as outsiders trying to guess a password using manufacturer-set passwords, others are more complex, such as a denial-of-service attack, where attackers attempt to overload the system by flooding the target with excessive demands and preventing legitimate requests from being carried out. When the flood comes from many sources at once, it is virtually impossible to stop the attack by blocking a single source.

As a result of these potential threats, and to help manufacturers deliver best-in-class products, it's imperative that vulnerability testing is done throughout a product's development, starting at phase one in the process. This includes analysis of the type of cyberattacks that can potentially attack, breach and disable a system. Many manufacturers attempt to hack their own products from within the organisation or even go as far as hiring a third-party professional group to do it for them.

Success in a volatile technology landscape

This kind of development puts a product through rigorous levels of testing, and once weaknesses are exposed, they can be patched up and the cycle of attack-and-defense can take place until the product is protected fully and ready for market.

Skipping this step in the development process can open manufacturers up to significant liability, so it's important for this testing to take place and corrective actions be taken to rectify gaps in security. The more extensive an organisation's security testing approaches are, the better are its chances of succeeding in an increasingly volatile technology landscape.

But the testing doesn't stop in the development stage. Attacks on a system continue long after the product has been introduced to market, requiring continued updates to be made available in an effort to protect customers. Manufacturers are tasked with implementing further firmware updates to keep a product in the field readily prepared to revoke the latest critical bugs that can affect the market.

What end users demand from security

We're seeing a significant shift in the education and demand from a customer perspective. In the past, consumers took the advice of integrators and consultants as far as the right security systems to install for their needs. Today, the self-education of end users is on the rise as more and more IT departments become involved in the selection and investment of physical access control systems.

A larger number of end users are demanding security products that meet IT standards of network protection, and they take these considerations into account when working with integrator partners on the selection of systems to meet their needs. As a result, manufacturers are tasked with not only developing robust IoT-centric products, but also continuing to be involved on a regular basis in an effort to continuously keep organisations safe.

A comprehensive security strategy from manufacturers must involve multiple levels of product selection, testing and integration centered on the team-based approach to implementing training and protocols within an organisation. While manufacturers are stepping up their game in the development of robust products, this remains a team effort that must be addressed every week, not something you implement, then forget about. The safety of data and the entire organisation depends on it.

Author: Kim Loy
