PodChats for FutureIoT: State of IoT Security


As the IoT ecosystem continues to grow, so does the importance of securing these IoT networks. According to Gartner, spending on IoT security solutions will reach $631 million by 2021. That’s a significant jump from the $91 million spent in 2016, and this annual global spending statistic shows IoT solutions are heading for a massive boom over the next decade.

Another statistic is more worrying: according to Gemalto, 48% of companies admit that they cannot detect IoT security vulnerabilities on their network. Almost half of companies using IoT cannot identify when their network is compromised. As more and more companies invest in IoT technology, we can only hope that this number decreases.

According to Pieter Danhieux, co-founder and CEO of Secure Code Warrior, an average building will have air conditioning, automated doors and surveillance cameras, many of which run on IoT systems. In the agricultural sector, tractors, measuring devices and rainwater stations also use IoT.

“In homes today, you’ll find the IoT in Christmas lights, door locks, etc. The IoT has infiltrated both the business and our personal lives, which is a good thing because it allows us to do many, many great things. But it could also be a very scary thing,” he commented.

Security Status in IoT Devices

Danhieux felt that when manufacturers build IoT devices, they don’t think these things will be exploited. He argued that manufacturers are under pressure to build these devices at the lowest possible cost and deploy them quickly.

“People don’t think about the potential threats we might face with some of these IoT devices, whether it’s hardware or IoT software development kits (SDKs). The vulnerability could lie in the way the IoT communicates from the network,” he added.

His point was that it’s a very complex environment. “I think not many people, when building these devices, think about all the different issues that can go wrong around IoT security,” he continued.

In the IoT manufacturing space, everything has to be minimal. This can mean a lack of processing power to perform proper cryptography. “These are the compromises that manufacturers make. Some cannot remotely update, remotely fix firmware vulnerabilities. It is an original firmware that never changes even if it [may have] its weaknesses,” explained Danhieux.

Buyer beware

On a personal level, there is a growing awareness and concern about the insecurity of devices. Danhieux believes that the same should be true for businesses. He noted that very often the IoT network is separated from the IP network and managed by a different group.

He warned that the IoT can still be used as a launching pad for attacks. He cited the Mirai botnet, which exploited vulnerabilities in SDKs of some 83 million IoT devices.

“I think, as a company, we should ask the right questions to manufacturers. I think from a personal life perspective, we should also make sure that manufacturers of IoT devices, that there is a level of responsibility that they take in building secure devices, rather than just build a device and distribute it,” he said.

Key considerations for reviewing infrastructure security

Danhieux recommends scanning and testing networks for vulnerabilities. This includes all devices connected to the network, regardless of their age.

The next step in the process is to determine whether it makes sense to build layers of defense into the infrastructure. Can device manufacturers update the firmware of these devices? He recalled that some of these devices could be 20 to 30 years old.

He recalled that 20 years ago, companies were concerned with web application security. He is now seeing these same vulnerabilities appear in IoT devices. Things like remote command injections and buffer overflows are well-known issues but are now popping up in the IoT world.

Skills gap

Danhieux warned that finding a security expert who knows IoT can be a hassle. It’s a very specialized role, and there are very few companies in the world that focus on IoT security, including at the network, data, and software level.

He recognized that skills can be developed internally.

“Developers can learn to write securely at the data and software layer levels. Network security architects and security engineers may be responsible for evaluating the network component. You might find someone who can work with physical devices to assess the physical side,” he continued.

“But to find it all in one person within a company. I think it’s almost impossible. He’s probably a security expert. You have to hire for that. You can sort of distribute them across different layers of your organization.”

Pieter Danhieux

Ownership of IoT Security

Danhieux recognized that ownership of IoT security remains a philosophical issue. Internet protocol (IP) security people usually don’t care about building security.

“However, at the end of the day, if this is a threat to your business, if it could harm your business, if you could harm your reputation, does it matter which C-level person in the company takes possession of it?” he asked.

He believes that at the end of the day it is a business risk. It doesn’t matter which C-level executive is responsible. Not covering it [security] is the big deal, he concluded.

Click on the PodChat player and listen to Danhieux talk about the state of IoT security in Asia.

  1. Let’s first frame our discussion: where can we find IoT technologies in a typical business in Asia?
  2. What are the prevalent misconceptions about IoT security?
  3. From your perspective, should leaders be concerned about the security of IoT?
  4. Where should senior management start the discussion of IoT security?
  5. What should be the key considerations to review the security of their IoT infrastructure?
  6. What about the skills / know-how around IoT security? Are we hiring or outsourcing?
  7. What misconceptions should leaders put aside when discussing IoT security?
