IoT security is like running before you can walk

Publish date:

Take a baby or toddler, which of course is where the phrase comes from, it first crawls, walks, climbs, runs and finally cycles. Security should be the same.

First you should secure your home, office, data centre and then move onto the network, endpoints, websites, email servers, etc.

Many companies have not done much of the above. Take various City of London offices, LCD screens with users on are sitting next to windows. Good front office access control maybe but you can look over someone’s shoulder from outside.

Then you need to secure the network with the use of hardware firewalls and IPS (intrusion detection prevention.) Mail servers and webservers are next since they face the world wide web and further down the line is endpoints.

Makes sense? Likely to some. The problem is companies are struggling to secure their normal network because they do not understand the risks or care. Plus, there is a shortage of products which actually work and a global shortage of skilled staff.

Move onto IoT (internet of things), if anyone including home users is struggling to secure their conventional kit why move onto IoT which can add a physical element into the equation? Webcams, CCTV, heating/electricity control companies do not put much effort into security.

Home users and some businesses simply follow a “craze” and run out there and buy everything their friends or colleagues have. Wealthy home owners get everything plugged in and it goes through the generalist home router/modem.

Do people really need to turn off their iron or open the curtains from outside the door? Not really but it sounds cool. Actually securing these devices with hardware and labour would likely cost more than the IoT devices itself.

“When fridges attack” is a good example. The fridges in question were/are made by well-known manufactures not a cheapy firm no one has heard of. Two years ago there was a story about a hijacked baby monitor. Now the physical and cyber worlds collide.

The next time you go out to buy something for your home, think is it secure, can you secure it and do you need it. I have barely seen a company which has a web page dedicated to the security, testing and certification of the hardware they are selling.

Related Posts

Cloud Security

Cloud security is not too different

Roy Samson
Date icon August 13, 2018

Take a closer look at your current security options before investing in new ones.

Cybersecurity

IAM DevOps in Capgemini

Terence Stamp
Date icon August 10, 2018

The Agile methodology has been gaining traction in its adoption throughout the business world. ...

Healthcare industry

Injury analytics: what P&C insurers can learn from the healthcare industry

Rahul Dhingra
Date icon August 6, 2018

There are key areas like medical data analysis and provider data analysis from where insurers...

cookies.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.

Close

Close cookie information