Who Will Step Up To Secure The Internet Of Things?

The Internet of Things (IoT) presents a significant mix of opportunity and risk. Compared to the connected devices of the past, the gazillions of new IoT devices that are being predicted for our homes, transportation, cities, medical devices and elsewhere represent a unique set of security challenges for both companies and their users.

To start, IoT devices significantly expand the attack surface. Hackers can easily purchase any IoT device, which will often contain the same security features of other, identical devices already deployed in hundreds or even thousands of homes. Unlike servers or networking equipment, which are usually hacked through remote access points and reside in protected and monitored environments, IoT devices are more accessible to malicious threat actors.

The widespread availability and proliferation of these devices means that once a device is compromised, it’s very difficult for a company to flip a switch and update the millions of devices just like it sold around the world. It also means that hackers can use one insecure device to leapfrog their way into broader connected networks, allowing a single device to compromise sensitive data ranging from bank and health information to even access to broader corporate assets as the line between work and home continues to blur.

It’s also important to think about the companies producing today’s top IoT devices. Often, these companies are startups, which may not have the funds to bring to bear an army of security experts and white hats to ensure secure deployments. Instead, they must rely on the hardware and software provided to them through suppliers. And commodity pricing places an enormous strain on security engineering and maintenance. Many of the IoT devices on today’s shelves are by necessity inexpensive to manufacture, which means companies are less likely to spend high dollar on security throughout the development process.

Now is the time for the technology industry to proactively address these concerns, before the threat of widespread IoT security breaches becomes a reality. The standards groups, enterprise organizations and the legions of startups and maker communities working in this area must join together and get to work on addressing the critical issue of safeguarding the IoT before it’s too late.

The good news is the tech industry recognizes that something needs to be done about IoT security, both through industry groups and at the company level. For example, the International Standards Organization (ISO) has a working group assessing how the ISO 27000 family of security standards might be adapted to address IoT security needs, while the IEEE Standards Association is working on an architectural framework that is expected to address IoT security, privacy and safety issues.

What’s also encouraging is the formation of several IoT vendor alliances, including the Thread Group, the Open Interconnect Consortium, the AllSeen Alliance and the Industrial Internet Consortium. Although each is focused on a different IoT developer and user community, all of the groups appear to be supporting the wider use of data encryption and other security measures.

Despite progress, the task of securing the IoT still faces many daunting challenges. McKinsey & Co. and the Global Semiconductor Alliance (GSA) recently reported that while some parts of the IoT landscape have well-defined standards, other aspects either have none or multiple, competing standards.
Additionally, and although helpful for handling the expected flood of IoT data, software-defined networking (SDN) is creating added security concerns because of its use of multiple communications channels and remotely located computing resources.

Advances in autonomous driving — such as those that will require cars to connect to each other and to roadway infrastructure — will spur the need for more robust safety, security and risk mitigation.
Lastly, and most importantly, leading technology companies still haven’t fully committed themselves to finding solutions for securing IoT applications.

If today’s titans of technology won’t step up to secure the IoT, that vital endeavor may fall to the multitude of startup companies that are fueling much of the industry’s current growth. Gartner estimates that by 2017, more than half of all IoT products and services will be developed by companies less than three years old. And while some of these newcomers are likely to have formidable technical expertise, many will lack the knowhow or capability to implement the tight security that is needed.

As an industry, how can we support this new generation of technologists and equip them with the deep expertise and context necessary to create a truly secure IoT?

  • First, we should encourage them to collaborate more closely with silicon vendors’ software, hardware and manufacturing ecosystems. Chip vendors and their partners can be invaluable guides for inexperienced product developers learning to navigate the complex array of available security standards and components.
  • We also can do better at education. A primary example of how this is being addressed is the establishment of security labs, such as those launched by Microsoft, Breed Reply and Indiegogo, where developers and partners can get hands-on access to systems and test beds to help advance development. Participants learn that security must be considered from the beginning of every IoT project, and should remain a priority through design, development and manufacturing — and even after the product or service is in operation.

In a perfect world, security risks and breaches wouldn’t exist. But, as virtually everything in our Internet-enabled world becomes increasingly connected, everything is becoming accessible and, therefore, potentially vulnerable. We may never fully solve that fundamental contradiction, but by working together, we can begin to build the secure IoT that the world deserves.
Techcrunch:http://http://tcrn.ch/1FNwtBL

« Reinventing CIA for the Big Data Era
Apple Is Buying Into Artificial Intelligence »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.

Adaptive Security

Adaptive Security

Adaptive is a next-generation cybersecurity platform. We're working with pioneering security teams to protect critical systems from AI-powered cyber attacks.