IoT security is like running before you can walk

Publish date:

Take a baby or toddler, which of course is where the phrase comes from, it first crawls, walks, climbs, runs and finally cycles. Security should be the same.

First you should secure your home, office, data centre and then move onto the network, endpoints, websites, email servers, etc.

Many companies have not done much of the above. Take various City of London offices, LCD screens with users on are sitting next to windows. Good front office access control maybe but you can look over someone’s shoulder from outside.

Then you need to secure the network with the use of hardware firewalls and IPS (intrusion detection prevention.) Mail servers and webservers are next since they face the world wide web and further down the line is endpoints.

Makes sense? Likely to some. The problem is companies are struggling to secure their normal network because they do not understand the risks or care. Plus, there is a shortage of products which actually work and a global shortage of skilled staff.

Move onto IoT (internet of things), if anyone including home users is struggling to secure their conventional kit why move onto IoT which can add a physical element into the equation? Webcams, CCTV, heating/electricity control companies do not put much effort into security.

Home users and some businesses simply follow a “craze” and run out there and buy everything their friends or colleagues have. Wealthy home owners get everything plugged in and it goes through the generalist home router/modem.

Do people really need to turn off their iron or open the curtains from outside the door? Not really but it sounds cool. Actually securing these devices with hardware and labour would likely cost more than the IoT devices itself.

“When fridges attack” is a good example. The fridges in question were/are made by well-known manufactures not a cheapy firm no one has heard of. Two years ago there was a story about a hijacked baby monitor. Now the physical and cyber worlds collide.

The next time you go out to buy something for your home, think is it secure, can you secure it and do you need it. I have barely seen a company which has a web page dedicated to the security, testing and certification of the hardware they are selling.

Related Posts

Cybersecurity

Insider Threats: Getting to the left of Boom!

Dan Leyman
Date icon February 15, 2021

Mature, effective insider risk programs take the necessary next step to prevent insider...

Cybersecurity

IAM’s role within your enterprise cyber framework

Chris Williams
Date icon February 10, 2021

A strong IAM infrastructure can help the organization effectively apply its policies and...

Cybersecurity

Cybersecurity in 2021: Four predictions

Geert van der Linden
Date icon February 10, 2021

COVID-19 has heightened the importance of cybersecurity as a business enabler, giving...