![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqcTj1hySAbglca-M-4DW_6n8kM-x8FSFg2rHk_1j2sWTTjCLM9eg3htrK-Co4LBNgZGhkBXKO4CDQPjlvkZtBlejR6IOKorNUS5WTaCNWRB9j2qnjPIGLR_8Cf43ximeL39DQoP0U3gw/s640/7a7da9e0-1393-487f-a881-761dc7027e8c-large.png)
It seems that not a day goes by without the Internet of Things (IoT) making headlines. Reports of security weaknesses in IoT devices are becoming more common. While most of the IoT media coverage focuses on devices for personal use, there has been an explosion of IoT devices in the medical and manufacturing industries. These devices provide significant improvements in service, treatment and operations, but can also lead to significant exposure if not properly secured and evaluated. Several organizations such as the Open Web Application Security Project (OWASP), Online Trust Alliance, GSMA and the National Institute of Standards and Technology (NIST) have developed security best practices for the design and use of IoT-connected devices and systems. While no device, interface or network can ever be totally secure, following the guidelines provided by organizations such as these will help to ensure that basic security measures are in place to prevent attacks and breaches.
As IoT devices are deployed, be it in a connected home or an enterprise, the risks are not simply that a device may be compromised for use in a DDoS or ransomware attack. An unsecured IoT device can also serve as an attack vector, allowing entry into the wider network. Yes, the potential benefits these IoT devices offer are significant enough to warrant adoption of the new technologies, but they also present real risks. To mitigate these risks while still leveraging these benefits, consumers and enterprises should consider purchasing products that have been tested by a credible third party. Products that successfully attain a demonstrated level of assurance can effectively serve as the foundation for enterprise security product selection and provide a necessary level of integrity to an organization’s security risk management program.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA37-FaCBHfymIsof-27uj4ajMQXOGHbHz5XZRWT3WMA06hh9BFl3BL3UBT0XNaxMGVK5T-VTiIaUOKOWCC6vf_yyNRIoSjVDgYtSBBnuRGDR9VHYbd7FNzoburrtHGY0vitGz113E674/s640/IoTVHITN.png)
The universe of IoT encompasses many different things such as medical devices, cameras, wearables, sensors and manufacturing equipment, to list just a few. This variety carries with it a wide array of security needs and potential threat vectors and attack profiles. One device in the world of IoT may differ significantly from another; therefore, an IoT testing program should address the unique classes of IoT device types and their relevant component parts.
Components to be considered in a review of IoT products include:
- Alerting/logging
- Authentication
- Communications
- Cryptography/encryption
- Physical security and platform security
About the Author:
George Japak, Managing Director, ICSA Labs