Blog

The Open Web Application Security Project (OWASP) recently updated its 2018 Top 10 IoT vulnerabilities list.

As can be expected there are a number of lists compiled at the end of the year to capture and summarize trends, events and activities. The following updated list from OWASP of IoT vulnerabilities that caught our attention as it very nicely keeps it to a limit of 10 and more importantly, we can help do something about it!

Gartner defines “strategic” as those technologies that will have significant disruptive potential over the next 5 years. After reading Gartner's Top 10 Strategic Technology Trends, a big takeaway for me was the juggernaut of the Digital transformed world is upon us.

Mirai, the first IoT botnet which was discovered in 2016 took down popular websites and services including Twitter, Airbnb and Netflix. Since then we were introduced to more advanced versions of Mirai like Persirai, Reaper, Satori and Okiru.

Concern over vulnerabilities in IoT products and services has become a top of mind issue with policymakers. From serious internet attacks such as the Mirai botnet cyberattack which took down major websites such as Netflix and Spotify, to privacy concerns over connected consumer devices, there is a strong push for government regulation.

The Internet of Things (IoT) is pushing full steam ahead through 2018, and it is already understood that the IoT is transforming businesses through Smart innovation and operational efficiencies, which extend far into our daily lives. Large organizations such as Microsoft, Amazon and PTC have already invested billions in the IoT and continue to do so with their IoT platform offerings. However, there are still a few challenges affecting project deployments, particularly in the area of security and risk.

For small and medium sized enterprises, cloud-based software infrastructure delivered via SaaS model can provide a great cost-effective alternative to delivering effective security services to your business.

Today, product manufacturers have a tough decision on what to build into their IoT products and how to make them stand out. Security is often seen as a “nice to have” feature but is increasingly becoming a “must have”. Simply put, product manufacturers need to pay more attention to security.

We are in the GDPR home straight with the finish line in sight. However, that thing we see is not the finish line but the deadline. We are now only weeks away from the inception of the new GDPR regulation, that fundamentally changes the way organizations manage, process and protect personal information.

Are organizations ready to manage consent, reporting of a data breach, subject access requests etc., etc.?

Do organizations understand how exposed their business and brand could be?

Is the #RSA security bubble bursting?

Reflecting on what was a very long and industrious week in San Francisco, it’s important to try and decode, decipher, and maximize the investment in such an event.

With record numbers of people attending and over 1,700 security companies present, of which most customers apparently buy from over 50 on average, the security web is only becoming more prevalent and significant to us all.

Back in April 2017, Device Authority’s CTO Rao Cherukuri wrote a blog titled “IoT Security is too critical to be an optional extra – Security by design, from the beginning” – detailing key recommendations for securing IoT devices.

We continue to see a distinct difference between security products and secure products. Which is also the difference between detect/respond and protect/prevent. Prevention is better than cure.