This post is also available in: עברית (Hebrew)
The Internet of Things (IoT) has been making major shifts in the world of both consumer and industrial electronics, however, it opens a door to soaring security threats. What is it actually? IoT is a system of interrelated computing devices, mechanical and digital machines, objects or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Considering the security threats this technology can host, electronics manufacturers must safeguard both the lines where they build connected products as well as the products they are making.
Today, there are nearly three devices attached to the Internet for every human being on the planet, according to IDC Research. By 2025, that ratio will reach 10 to 1. More connected devices translate into a threat that hackers can leverage to launch all sorts of attacks. Organizations are already experiencing losses related to a lack of good practices around IoT. “Implementation of IoT that doesn’t deal with security or privacy creates tremendous risk,” Mike Nelson, vice president, IoT Security at DigiCert, told ebnonline.com. Among the least-IoT security savvy companies, one quarter reported IoT security-related losses of at least $34 million in the last two years according to DigiCert. DigiCert’s recently-released 2018 State of IoT Survey reveals that enterprises are aware of the threat that IoT poses to security, privacy and regulatory compliance. They are also concerned about cost, “Security is absolutely critical not just for consumers but organizations,” Nelson said. “Considering the risk that insecure devices present to the business, it is much less to invest in security up front than to wait and deal with an attack.
Capabilities around IoT security vary wildly. DigiCert divided its results into the top tier, which have few IoT security issues; the middle tier, which are moderately successful in terms of security; and bottom tier, which have trouble mastering IoT security. Those on the bottom tier are 38% more likely to report a lack of IoT security specific skillsets in their organizations. They are more likely to find privacy, scalability, security, lack of standards, and shifting regulations challenging. Those fears are reasonable. While only one in three top-tier organizations reported security incidents related to IoT, all bottom tier enterprises suffered at least one incident. These less sophisticated enterprises are more than six times likely to experience IoT-based Denial of Service attacks, unauthorized access to IoT devices, and IoT-based data breaches. DigiCert offers five best practices to help companies pursuing IoT to bring the organization into the top tier:
Review risk: Perform penetration testing to assess the risk of connected devices. Evaluate the risk and build a priority list for addressing primary security concerns, such as authentication and encryption. A strong risk assessment will help assure you do not leave any gaps in your connected security landscape.
Encrypt everything: As you evaluate use cases for your connected devices, make sure that all data is encrypted at rest and in transit. Make end-to-end encryption a product requirement to ensure this key security feature is implemented in all of your IoT projects.
Authenticate always: Review all of the connections being made to your device, including digital and human to ensure authentication schemes only allow trusted connections to your IoT device. Using digital certificates helps to provide seamless authentication with binded identities tied to cryptographic protocols.
Instill integrity: Account for the basics of device and data integrity to include secure boot every time the device starts up, secure over the air updates and using code signing to ensure the integrity of any code being run on the device.
Strategize for scale: Make sure that you have a scalable security framework and architecture ready to support your IoT deployments. Plan accordingly and work with third parties that have the scale and focus to help you reach your goals so that you can focus on your company’s core competency.
Get updated on the latest IoT technologies:
IoT for Security and smart city 2018 – The conference is a unique opportunity for professional meetings between companies in the technological and defense industries, integrators, research and development organizations, and leading academic institutions.
For details/booth/sponsorship: email@example.com