Blog

It’s the start of a new year, and while everyone has reflected on 2017, emphasis is on making an even bigger impact in 2018 for the whole IoT ecosystem: IoT platforms, certificate authorities, device OEMs, IoT gateways, system integrators and ISVs.

The IoT market is continuing to grow with the install base of IoT devices set to reach over 30 billion by 2020 (according to IHS) and this brings a wealth of benefits and challenges.

But how will this affect what will happen in 2018? Read on…

Last month (November 2017), the European Union Agency for Network and Information Security (ENISA) published a report on ‘Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures’ which included input from ARM, Kaspersky Lab, Symantec, Huawei, Siemens, IBM, Microsoft and many more. The report provides insight into IoT security, looking at the various attack surfaces and threats, and proposing best practices and security recommendations to protect IoT devices, data and systems.

Back in October 2016 we experienced the Mirai botnet malware, which leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!

Back in October 2016 we experienced Mirai, which took down popular websites and services including Twitter, Airbnb and Netflix. Mirai leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!

Internet of Things (IoT) brings new security challenges introduced by the scale and pace of adoption, as well as the physical consequences of compromised security. The recent DDoS attacks carried out by a Botnet of thousands of machines infected with the Mirai Malware was just the beginning of what we’re going to see in the future.

Back in October 2016 we experienced the Mirai botnet malware, which had its fair share of press coverage after taking down popular websites and services including Twitter, Airbnb and Netflix. Mirai leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!

The IoT delivers compelling economic and social benefits. It presents great opportunities for the private sector and federal agencies but the scale of security and operational challenges is a big impediment for adoption. A recent report from the US Government Accountability Office (GAO), issued in May 2017 confirms the numerous IoT security gaps that need to be addressed. The report highlights a key challenge is the lack of consideration for security when designing IoT devices.

Is cyber security an IT issue? Well – yes and no. Sure, the technical understanding of what needs to be done, how and why will always ultimately lie with a technology specialist, but the strategic understanding of why it matters and how it fits into wider business operations and culture should always lie with senior management. Cyber security needs to be taken seriously in the boardroom in order for it to truly permeate throughout the business, and therefore to be effective. So yes – cyber security is an IT issue, but it’s bigger than that.

We all know that the ever-expanding Internet of Things (IoT) brings with it some significant security challenges. How can a vastly proliferating ecosystem of connected devices, many of them too small to include sophisticated embedded security systems, deliver adequate protection of the data they generate, transmit and store? How can organizations harness the benefits of the IoT without compromising the security of their corporate network?

One solution that clearly fits into the evolving IoT security picture is Public Key Infrastructure, or PKI.

Device Authority visited the IoT World conference in Santa Clara last week, which brings together hundreds of companies and leaders in the IoT space. As a team, we had a number of meetings with delegates and if you missed it, here are our top 4 takeaways…

There’s an opportunity for a new type of systems integrator