Whether managed in-house or in tandem with external agencies, an IoT device security strategy that considers the safety and security needs of a user, device and network holistically will produce a secure platform that promotes user connectivity.
By: Sven Dummer
Feb 07, 2018—Data breaches have been the topic du jour in recent years: Equifax,LinkedInMySpaceYahoo!, the Democratic National Convention and Yahoo!—again. More specifically, we have seen the proliferation of the publication of those data breaches, and any such breaches mean big risks for a brand’s reputation and bottom line. This has led everyone to start double-checking the methods by which they manage their user data storage, their devices and the networks on which those devices exchange critical information. And with the Internet of Things (IoT) upon us, not only are brands tasked with guarding against more breaches, but they must secure many more access points than ever before.

In fact, the attack surface isn’t getting any smaller. Last year, GlobalWebIndex estimatedthat there are now 3.64 connected devices per person in the marketplace. According to Intel, there will be more than 200 billion connected devices and sensors by 2020. Given that the population is expected to grow to 7.58 billion, that’s more than 26 connected devices for every person living on Earth—more than seven times the number that exist today.

Not only are we growing the number of per capita devices, but we’re also letting those devices into our lives in a way that can make a breach more personal. Last year, a story in the San Francisco Globe outlined how a family found a stranger hacking into their connected baby monitor. The hacker obtained the login information for the baby monitor and used those credentials to access it via the associated Web app. Terrifyingly, the stranger was speaking to their toddler through the monitor until the parents stumbled onto the hack themselves. More recently, hackers have found Internet-connected teddy bears to be a gateway into a child’s world. In both cases, an effective security strategy could have prevented undesired access to the device.While an effective security strategy can be established in-house, managed security could be an appealing option for organizations that lack the expertise, given the potential risk and scale of these IoT vulnerabilities. So, what goes into an effective managed security strategy?

Firewalls, Monitoring and Penetration Testing
Although they might be considered table stakes, organizations must have industry-standard firewalls for data ingress and virus-protection programs, as well as robust performance monitoring to proactively detect and avoid brute force and denial-of-service attacks. In addition, vulnerability scans, penetration testing and intrusion detection are critical to reducing the risk of breach for an IoT platform, and part and parcel of any good device-security strategy.

Read the full article here!