Blog

Back in October 2016 we experienced Mirai, which took down popular websites and services including Twitter, Airbnb and Netflix. Mirai leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!

Internet of Things (IoT) brings new security challenges introduced by the scale and pace of adoption, as well as the physical consequences of compromised security. The recent DDoS attacks carried out by a Botnet of thousands of machines infected with the Mirai Malware was just the beginning of what we’re going to see in the future.

Back in October 2016 we experienced the Mirai botnet malware, which had its fair share of press coverage after taking down popular websites and services including Twitter, Airbnb and Netflix. Mirai leveraged the use of weak credentials, particularly passwords – usually guessing the default passwords which manufacturer’s ship devices with. The solution? Easy, just update your password!

The IoT delivers compelling economic and social benefits. It presents great opportunities for the private sector and federal agencies but the scale of security and operational challenges is a big impediment for adoption. A recent report from the US Government Accountability Office (GAO), issued in May 2017 confirms the numerous IoT security gaps that need to be addressed. The report highlights a key challenge is the lack of consideration for security when designing IoT devices.

Is cyber security an IT issue? Well – yes and no. Sure, the technical understanding of what needs to be done, how and why will always ultimately lie with a technology specialist, but the strategic understanding of why it matters and how it fits into wider business operations and culture should always lie with senior management. Cyber security needs to be taken seriously in the boardroom in order for it to truly permeate throughout the business, and therefore to be effective. So yes – cyber security is an IT issue, but it’s bigger than that.

We all know that the ever-expanding Internet of Things (IoT) brings with it some significant security challenges. How can a vastly proliferating ecosystem of connected devices, many of them too small to include sophisticated embedded security systems, deliver adequate protection of the data they generate, transmit and store? How can organizations harness the benefits of the IoT without compromising the security of their corporate network?

One solution that clearly fits into the evolving IoT security picture is Public Key Infrastructure, or PKI.

Device Authority visited the IoT World conference in Santa Clara last week, which brings together hundreds of companies and leaders in the IoT space. As a team, we had a number of meetings with delegates and if you missed it, here are our top 4 takeaways…

There’s an opportunity for a new type of systems integrator

$6 trillion will be invested in the Internet of Things (IoT) between 2015 and 2020, which will yield $12.6 trillion ROI over the next decade. 

Until now, security has been treated as an afterthought; by adding layers of security after devices are delivered, and infrastructure and applications are already in place. Security for the IoT is too important to be treated an afterthought. To realize the full potential, the IoT ecosystem is forcing security from the beginning, built as part of the device and infrastructure.

In our earlier blog, we discussed the reasons why IoT Security needs a customer centric approach. This blog will follow on and explore the importance of having a strong device identity and integrity, which are the new perimeter for IoT. We will look at why we must combine device and user dimensions for device centric IoT Identity and Access Management (IAM) and why IoT devices are the weak link in the IoT Ecosystem.

Security is typically left as an oversight for many products today, simply because it is deemed too difficult to do and to facilitate effectively at scale. Security for many products is poorly thought through with little attention paid towards the use case, supply chain and business needs.