13

Ten Expert Tips onInternet of Things Security

13

Over the last few years, Internet of Things (IoT) is all everyone has talked about. So it comes as no surprise, that 2016 has brought even more talk to the industry. More products will launch and headlines will continue to be filled on the subject.

However, as the industry continues to rise in popularity the more we hear about the serious security issues pertaining to IoT devices. I asked a few experts to share their tips on IoT security and how businesses can address this challenge.

Implement a BYOD policy.

1

Often, data breaches are the result of employees losing track of company-owned devices such as laptops, tablets and storage devices containing sensitive information.

“

This problem is exacerbated by employees using their own devices for work related tasks. In addition to impressing upon employees the need to keep track of their devices, businesses should encrypt their company-owned devices using a certified encryption methodology.

- Krishna Narine, Business Litigation LawyerMeredith & Narine, LLC

Source

“

It all starts with the manufacturers.

2

Achieving security rests less on the businesses that use IoT devices and more on the businesses that manufacture them. Manufacturers need to design security in from the beginning, both in software and hardware.

“

Ten Expert Tips onInternet of Things Security

Ultimately, success in cyber security for IoT depends on designing in security from the beginning in the same way that we have achieved high reliability in areas like rail safety, aviation safety, food safety, security of iconic buildings (i.e. designing buildings to withstand a blast), and so on.

- Emilian Papadopoulos, PresidentGood Harbor Security Risk Management

Source

“

Don’t bein a rush.

3

Don't put all your eggs in one basket. Technology is awesome, and we truly are living in the future, but over-reliance on technology is a surefire recipe for disaster.

“

IoT presents a treasure trove of personal information, financial data, and other sensitive information. Smart businesses and individuals will be careful to temper their excitement and desire to jump into this increasingly-interconnected world of convenience against their willingness to assume additional risk of attack or penetration.

- Frank Spano, Executive DirectorThe Counterterrorism Institute

Source

“

Add on layers of security.

4

A VPN (Virtual Private Network) secures one's home or business network to allow tra�c only from verified devices, or at least separates the unverified tra�c out.

“

With the rise of the IOT, it is becoming easier and easier for malicious hackers to access verified information through these devices. While they’re marketed as being mostly secure, it only takes one error for someone to get access to your entire network. Using a VPN can totally prevent this, adding a layer of redundancy that is so underrated in today’s world.

- Bryce Hamlin,Public Relations Coordinator Hide.me

Source

“

Integrate security into your development lifecycle.

5

Companies that produce IoT devices need to ensure that they have a solid software development lifecycle that is inclusive of security testing.

“

By ensuring security is baked into the development process from day one, the company can dramatically move the needle to help ensure the security of their devices, while also reducing waste within the development lifecycle.

- Andrew Storms,Vice President, Security ServicesNew Context

Source

“

Automation is key.

6

Automation will be one of the keys to increasing e�ciency in enterprise SOCs. For instance, an automated incident response system can identify and resolve low-complexity, high-volume tasks with little to no human intervention, leaving expert security personnel with more time to handle the more nuanced and complicated issues. That is critical, not only because more devices will create more tasks, but because attacks are growing increasingly sophisticated.

“

Additionally, if that same platform can centralize information from existing security tools, it streamlines operations by limiting the number of tools that analysts use to initially triage alerts. And, if the platform can capture processes for standardization and reuse, it further increases productivity by reducing duplicate work.

- Cody Cornell,Founder and CEOSwimlane LLC

Source

“

Integration of cyber threat intelligence.

7

The relevance of Cyber Threat Intelligence (CTI), as a part of a proactive information security program, will become essential for information security.

“

It is critical for organizations to be able to identify evolving methods and emerging technology trends used by the cybercriminals, and then to continually assess their capability in this regard. Because many organizations don't have access to internal specialists, they will need to turn to external experts from the CTI sector.

- Mark Coderre, National Security Practice DirectorOpenSky Corporation

Source

“

Security starts with proper training.

8

Enterprises need to approach IoT security bottoms up by re-training software developers: their own and their supply chain, ecosystem stakeholders.

“

To avoid IoT security being an afterthought, it is critical for the developers to start with a full system view of the IoT solution, not just their component alone, before they write the first line of code.

- Prathap Dendi, General ManagerEmerging Technologies, AppDynamics

Source

“

Stop the negligence.

9

The primary cause of security breaches in business remains employee negligence or intent and notthe malfeasance of hackers.

“

Education and training around policies and protocols for security is imperative to avoiding negligent behaviors, like weak and shared passwords or lackadaisical logouts, leading to issues. Having clear and complete understanding of possible vulnerabilities and limiting accessibility of control within software and hardware specifications and settings is of dire importance in limiting and avoiding intentional sabotage.

- Felicite Moorman, CEOStratIS

Source

“

Oceans of the internet.

10

Asking how to theft-proof electronic information in the Internet of things is like asking how to protect your ships against Pirates and Vikings during the 11th and 12th century.

“

We gained control of pirating the moment we gained control over the seas and oceans...In comparison, we do not control the vast oceans of the Internet. We do not even have agreed-upon standards, nor even an understanding of all the harmful capabilities of hackers on the web.... We are still at the stage of inventing technologies on the Internet.

- Matti Kon, President & CEOInfoTech Solutions for Business

Source

“

Interested in learning more about the future of IT? Check on this interactive on the future of cloud computing.

Explore the future of cloud