“The SEC signaled significant change in how it views what constitutes a threat to companies. It now considers cyber vulnerabilities to be an existential business risk. This was evident in fines levied against two companies over inadequate disclosures of cybersecurity issues.” The fines ranged from $500K-$1M for companies that failed to disclose vulnerability in its systems according to a recent report in Harvard Business Review. These fines could bespeak a major shift in the way companies strategize against current and future threats in addition to how they disclose breaches or potential weaknesses.
You don’t have to go far to find examples of how IoT devices have been compromised and used as entry points for hackers to infiltrate corporate networks and cause insurmountable damages. Whether it be a surgical robot in a hospital, connected vehicle, connected sensor or a 3rd party “connected” fish tank at a major casino. Any connected device is potentially an open door for a hacker to cause your company significant damages. Beyond the downtime, and subsequent security investments there are additional “costs” of bad PR, lawsuits, and fines. Despite knowing the ramifications, some companies drag their feet still. Why wait until it’s too late and you have become a victim?
One of the major stumbling blocks is how do companies even know which devices are putting them most at risk, and where might data encryption need to be applied to protect critical information? For example, if a connection does not use proper authentication – or if data should be encrypted before being transmitted or stored. There is a full lifecycle for IoT devices which must be managed over time in a zero-touch environment at scale. But how?
There are a multitude of IoT platforms and vendors that address security vulnerabilities for IoT devices. Where should a company start their IoT security journey? Companies need to holistically think about building an ecosystem of security from the edge to the enterprise.
Start with the end in mind! Where are your company’s devices in their lifecycle? How are your devices connected (Edge or Enterprise, 100% connected or intermittent, edge gateway on VPN)? What devices are putting them most at risk? What policies are in place and what policies need to be updated or enacted? How do companies safely authenticate, provide credentials, apply policy, encrypt the data and rotate the encryption keys as needed?
Device Authority’s KeyScaler platform and KeyScaler Edge are part of a complete solution and help companies manage the full security lifecycle of all of its devices autonomously at scale and are fully integrable with IoT platforms such as Microsoft Azure (IoT Hub, IoT Central, IoT Edge), AWS IoT Core, ThingWorx; Certificate Authorities and Hardware Secure Modules to provide Edge to Cloud device and data trust.
Could your company benefit from a free IoT consultation? Whether you’re working in federal government, healthcare, automotive, transportation, agritech, manufacturing, or Industrial IoT, find out how Device Authority can help your company meet compliance requirements and accelerate adoption of IoT products and services at www.deviceauthority.com
Need a quick and easy way to implement IoT security? Book a demo or signup for a free trial of our managed service: KeyScaler as a Service (KSaaS).
