//
you're reading...
Information Security, IT & TECHNOLOGY

IoT Device Manufacturers Must Take Steps to Earn Trust from Professionals, Consumers


ISACA-Logo

More than four in five global IT professionals (82 percent) see vulnerabilities in Internet of Things (IoT) devices as significant security concerns for organizations.

Those concerns, highlighted in ISACA’s annual IT Risk/Reward Barometer, are reflective of insufficient security measures by IoT device manufacturers.

One of the main culprits is IoT devices running old versions of Linux – sometimes as much as 10 years old. This happens for a variety of reasons, such as the version becoming outdated while the device is in development, or manufacturers building on top of existing devices and sticking with the old software to speed up development time. The result is devices hitting the market with easily anticipated vulnerabilities.

IoT manufacturers also need to make sure their devices have the capability to automatically and reliably run security updates. This should be considered a must-have feature by consumers and businesses when making their purchases. If the devices are able to be updated, without it being a time-intensive process for users, security threats can be addressed much more quickly and effectively.

Making some of these adjustments will be critical, or trust in IoT devices’ security among professionals and consumers will be further damaged, given the threat landscape in 2017 and beyond. The proliferation of IoT devices will result in escalating instances of DDoS attacks this year, according to Deloitte – potentially along the lines of the massive Mirai DDoS attack that used infected IoT devices to cause widespread disruption in October.

That attack, while certainly a wakeup call to some device manufacturers, might not have resonated with many consumers, who did not see a direct impact on their lives, even if their own device was infected and part of the attack. But there is little doubt more and more individuals will be affected by IoT security shortcomings as the devices – and the related threats – grow at a staggering rate.

That could include the emergence of IoT ransomware threats. Ransomware exploded on PCs in 2016, resulting in estimates of about US $1 billion in payments. Given how lucrative the attacks have proven to be, it’s not much of a stretch to anticipate that criminals will explore how they can target IoT devices in their ransomware schemes. For example, imagine a smart lock on your home or car that won’t open until you pay a small ransom. From a criminal perspective, ransomware attacks on IoT devices could make for an efficient strike, with the possibility of holding customers’ device or data hostage and extracting money from the same individual or organization in a single step.

As attacks on IoT devices continue to evolve, none of us will be able to say we didn’t see them coming – 80 percent of professional respondents in the Risk-Reward Barometer survey expressed a high or medium belief in the likelihood of an organization being breached through an IoT device. Enterprises can use network segmentation to isolate IoT devices from their production network. Consumers also recognize the security threats; more than 75 percent of consumer respondents in each of five regions surveyed – Australia, India, Singapore, the US and the UK – expressed concern that augmented reality enhancements could make their IoT devices more vulnerable to a breach. Home IoT network security devices like Dojo by BullGuard, CUJU, and BitDefender BOX can help consumers protect their IoT devices from cyber attacks – some even have enterprise-like network segmentation capability.

Connected devices are becoming increasingly prominent in our daily lives. It is up to consumers and organizations to send the message to device manufacturers that insufficient security design will be a deal-breaker when it is time to consider a purchase.

Rob Clyde, CISM, Board Director of ISACA and Executive Advisor at BullGuard Software

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 119,161 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,247 other followers

Twitter Updates

Archives

February 2017
M T W T F S S
« Jan   Mar »
 12345
6789101112
13141516171819
20212223242526
2728  
%d bloggers like this: