tadamichi - Fotolia

Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Securing IoT: Whose responsibility is it?

There's no shortage of opinions on where to place the blame for IoT security events. However, as IEEE member Kayne McGladrey explains, the onus is on both manufacturers and consumers.

Securing IoT has been a hot topic since day one -- and for good reason. Adding internet connectivity to anything inevitably increases the number of threats it can face, and the sheer number of IoT devices an enterprise uses widens its potential attack surface. Add in the IoT devices your employees use on a daily basis and it can be a recipe for disaster.

The best way for individuals and enterprises to ensure that future generations of IoT devices are safe is to demand and only purchase IoT devices that are secured by default and have security built in.

Key attributes of securing IoT devices include:

  • encryption of data in motion;
  • push software updates;
  • no default usernames or passwords enabled, or forcing end users to change default passwords on first use; and
  • central monitoring and compliance auditing of devices.

Enterprises and consumers alike are rewarding vendors that produce low-cost, insecure devices, such as $20 IP-based security cameras. It'd be easier for everyone if those consumers instead sent $20 to threat actors who will inevitably compromise those devices, as this would only be a $20 problem.

However, when threat actors conscript thousands of insecure IP-based security cameras into a botnet that can knock major brands off the internet -- such as what happened with the Mirai botnet attacks in the fall of 2016, it potentially becomes a multimillion-dollar problem that affects major markets and international relations.

In the enterprise space, the ability to push software updates to an inventory of devices is key to securing IoT. Organizations cannot secure what they cannot see, so having deployed devices report into a monitoring framework is essential. It's similarly essential to see which devices have received regular software updates, to isolate those that have not and to see which IoT devices are no longer reporting data due to theft, power loss or physical damage.

Have a question for one of our experts? Submit it now. All questions are anonymous.

This was last published in February 2019

Dig Deeper on Internet of Things (IoT) Security Strategy

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Does IoT need a shared security model? Who should be held responsible for attacks, manufacturers or consumers?
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close