Internet of Things
Robert Herjavec
brings us up to speed on the state of IoT, detailing the importance and methods of securing our ever-evolving networks.
When it comes to the Internet of Things, why is security such a hot topic?
IoT is everywhere; it’s all-encompassing. We expect interactivity everywhere we go, in all aspects of our lives. From a corporate perspective, it’s about driving efficiency and insight. Large corporations are becoming increasingly dependent on computers and technology to drive their success. That means that these technologies become the gatekeepers of intellectual property and critical corporate information. Cybersecurity is becoming increasingly important to protect that information.
How does that cybersecurity respond to threats at the IoT’s new access points?
IoT connects everything, even commonplace devices like our doorbells and refrigerators. These appliances are wired to the internet and are exposing the general population to the same types of attacks that large enterprises have to deal with on a regular basis.
The difference is, a consumer doesn’t have the same resources that an enterprise does to protect itself. With more of everything— more endpoints, more connectivity, more hacks, more risk—large organizations are outsourcing their security to third party providers who have the resources and scale to monitor their environments at all times. Our industry is shifting from a defensive strategy to a proactive security approach. We’re seeing investments in SIEM, endpoint, big data analytics and threat hunting.
The industry is getting more sophisticated, but so are the attackers. IoT is changing the game in terms of what is connected and is blurring the lines between personal and corporate devices. As an industry, we have to be prepared to protect our customers, and strive to minimize the impact of an attack. Our industry recognizes that security is not purely a technology issue.
We have to offer enterprises information on who is behind an attack and provide tailored guidance in terms of how they should respond and what they can do to contain the incident. In order to support this level of proactivity, we’re seeing more integration across technology providers, and greater collaboration between the service provider and the enterprise.
What can readers do to avoid becoming the victim of one of these attacks?
They sound simple, but the most common rules of thumb in security truly do apply and should be followed: avoid open wireless networks; never complete any financial transactions in public Wi-Fi zones; build complex passwords—try using phrases as opposed to word or number combinations—and do not repeat the same password for multiple logins.
What are some best practices for choosing a security provider for a company?
Most enterprises choose to engage a security provider due to resource, skill or timing challenges. When selecting a partner it’s important that the enterprise and service provider truly view the relationship that way, as a partnership. This has to be a high-touch, collaborative effort, in order to ensure that a proactive model is built that best suits the enterprise’s security needs.
It’s important that the organization and provider understand the scope of the ask and the timing requirements for the project or onboarding. In the case of a managed services partnership, it’s important that an asset list exists to indicate the scope of what’s being monitored or managed. Also key: that there are clear definitions in terms notable events or incidents that will be monitored and actioned; defined ownership of process and an aligned to escalation path are created; an agreed to operational readiness checklist exists so all parties are on the same page from the get-go; and the provider offers support 365 days per year.
Security isn’t a 9-5 job and most organizations outsource their security practices in order to ensure around-the-clock monitoring and management of their environments.