By Rick Delgado, Contributor
Over the last few years, Internet of Things (IoT) is all everyone has talked about. So it comes as no surprise, that 2016 has brought even more talk to the industry. More products will launch and headlines will continue to be filled on the subject. However, as the industry continues to rise in popularity, the more we hear about the serious security issues pertaining to IoT devices. I asked a few experts to share their tips on IoT security and how businesses can address this challenge.
1. Implement a BYOD policy
“Often, data breaches are the result of employees losing track of company-owned devices such as laptops, tablets and storage devices containing sensitive information. This problem is exacerbated by employees using their own devices for work related tasks. In addition to impressing upon employees the need to keep track of their devices, businesses should encrypt their company-owned devices using a certified encryption methodology.”
Krishna Narine, Business Litigation ***
Meredith & Narine, LLC
2. It all starts with the manufacturers
“Achieving security rests less on the businesses that use IoT devices and more on the businesses that manufacture them. Manufacturers need to design security in from the beginning, both in software and hardware. Ultimately, success in cyber security for IoT depends on designing in security from the beginning in the same way that we have achieved high reliability in areas like rail safety, aviation safety, food safety, security of iconic buildings (i.e. designing buildings to withstand a blast), and so on.”
Emilian Papadopoulos, President
Good Harbor Security Risk Management
3. Don’t be in a rush
“Don’t put all your eggs in one basket. Technology is awesome, and we truly are living in the future, but over-reliance on technology is a surefire recipe for disaster. IoT presents a treasure trove of personal information, financial data, and other sensitive information. Smart businesses and individuals will be careful to temper their excitement and desire to jump into this increasingly-interconnected world of convenience against their willingness to assume additional risk of attack or penetration.”
Frank Spano, Executive Director
The Counterterrorism Institute
4. Add on layers of security
“A VPN (Virtual Private Network) secures one’s home or business network to allow traffic only from verified devices, or at least separates the unverified traffic out. With the rise of the IoT, it is becoming easier and easier for malicious hackers to access verified information through these devices. While they’re marketed as being mostly secure, it only takes one error for someone to get access to your entire network. Using a VPN can totally prevent this, adding a layer of redundancy that is so underrated in today’s world.”
Bryce Hamlin,Public Relations Coordinator
Hide.me
5. Integrate security into your development lifecycle
“Companies that produce IoT devices need to ensure that they have a solid software development lifecycle that is inclusive of security testing. By ensuring security is baked into the development process from day one, the company can dramatically move the needle to help ensure the security of their devices, while also reducing waste within the development lifecycle.”
Andrew Storms,Vice President, Security Services
New Context
6. Automation is key
“Automation will be one of the keys to increasing efficiency in enterprise SOCs. For instance, an automated incident response system can identify and resolve low-complexity, high-volume tasks with little to no human intervention, leaving expert security personnel with more time to handle the more nuanced and complicated issues. That is critical, not only because more devices will create more tasks, but because attacks are growing increasingly sophisticated. Additionally, if that same platform can centralize information from existing security tools, it streamlines operations by limiting the number of tools that analysts use to initially triage alerts. And, if the platform can capture processes for standardization and reuse, it further increases productivity by reducing duplicate work.”
Cody Cornell,Founder and CEO
Swimlane LLC
7. Integration of cyberthreat intelligence
“The relevance of Cyber Threat Intelligence (CTI), as a part of a proactive information security program, will become essential for information security. It is critical for organizations to be able to identify evolving methods and emerging technology trends used by the cybercriminals, and then to continually assess their capability in this regard. Because many organizations don’t have access to internal specialists, they will need to turn to external experts from the CTI sector.”
Mark Coderre, National Security Practice Director
OpenSky Corporation
8. Security starts with proper training
“Enterprises need to approach IoT security bottoms up by re-training software developers: their own and their supply chain, ecosystem stakeholders. To avoid IoT security being an afterthought, it is critical for the developers to start with a full system view of the IoT solution, not just their component alone, before they write the first line of code.”
Prathap Dendi, General Manager
Emerging Technologies, AppDynamics
9. Stop the negligence
“The primary cause of security breaches in business remains employee negligence or intent and not the malfeasance of hackers. Education and training around policies and protocols for security is imperative to avoiding negligent behaviors, like weak and shared passwords or
lackadaisical logouts, leading to issues. Having clear and complete understanding of possible vulnerabilities and limiting accessibility of control within software and hardware specifications and settings is of dire importance in limiting and avoiding intentional sabotage.”
Felicite Moorman, CEO
StratIS
10. Oceans of the Internet
“Asking how to theft-proof electronic information in the Internet of things is like asking how to protect your ships against Pirates and Vikings during the 11th and 12th century. We gained control of pirating the moment we gained control over the seas and oceans…In comparison, we do not control the vast oceans of the Internet. We do not even have agreed-upon standards, nor even an understanding of all the harmful capabilities of hackers on the web…. We are still at the stage of inventing technologies on the Internet.”
Matti Kon, President & CEO
InfoTech Solutions for Business
Interested in learning more about the future of IT? Check out Make the Internet of Things Real and this interactive on the future of cloud computing.