The Internet of Things Ushers in a New Wave of Cybersecurity Needs

The internet has changed rapidly since its inception in 1983. The way we communicate, consume news and media, shop, and collect data are just a few examples of the way the internet has changed the world. A term you may have heard crop up in recent years is IoT, or The Internet of Things. IoT is about extending the purpose of the internet from use in day to day devices like smartphones and computers to use as a host of connected “things.”

So why would we want to do that? When something is connected to the internet and able to send and receive information, it makes the device smart. The more smart devices we have, the more connected and controllable our environment will become. IoT provides important insights to businesses and people that allow them to be more connected to the world and to do more meaningful, high-level work.

While the Internet of Things holds incredible potential for the world, it also means opening up more avenues of vulnerability for hackers to tap into our infrastructure, our homes, and our businesses. On a large scale, the development of “smart cities” are cropping up, promising better usage of resources and more insights from data among other things. On the other hand, this could allow hackers higher access to critical infrastructure leading to potentially crippling instances of national and industrial espionage. On a smaller scale, things like parking meters can be hacked in order to cheat the system for free parking.

The rise in IoT security must match the explosive growth rates for these devices, which means that a new era of cybersecurity is being ushered in. Nearly half of U.S. companies using an IoT network have been hit by a recent security breach, and spending on IoT security will reach more than $6 billion globally by the year 2023.

Where does this leave us in a world with a seemingly bright technological future that holds such dark potential? As IoT continues to grow and evolve, it’s hard to say what specifics need to be put in place in order to keep it secure. However, there are some good general practices that can mitigate your personal and professional risk of being a victim of a breach.

  • Be aware when it comes to downloading apps. Always read the privacy policy of any apps you’re thinking of downloading to see how they plan to use your information and more.
  • Do your research before you buy. Smart devices collect a lot of personal data. Understand what’s being collected, how it’s being stored and protected, and the manufacturer’s policies regarding data breaches.
  • It seems obvious, but use strong and unique passwords for your device accounts, Wi-Fi networks, and connected devices (and update them often).
  • Use caution when utilizing social sharing features that can expose your location information and could let people know when you’re not at home. This can lead to cyberstalking and other real-world dangers.
  • Install reputable security software on your devices and use a VPN to secure data transmitted on your home or public Wi-Fi.

All these tips are focused on educating yourself as a responsible user of the internet and sharer of all things personal and professional. To protect yourself (and others around you), keep learning safer internet and cybersecurity practices. Cyber is always changing, just like the internet, and if we overlook a privacy policy or share a little “too much” on social media, we place ourselves at risk of exploitation and danger. It is up to us, the individuals who use this technology day in and day out, to create safer spaces online to communicate and continue to enjoy the internet in all its glory.

Eventually, there is hope that the IoT industry is able to revolutionize cybersecurity for itself, as compliance and regulation never seem to catch up to the pace required by cyber defense technologies. Since this is still such a new industry and constantly evolving, utilizing the aforementioned tips and tricks will help you stay safe while IoT security gets its footing. There is a lot to look forward to as IoT continues to revolutionize the way the world works, it’s just a matter of time before cyber teams are ready to take on this new wave of security needs.

Photo by Domenico Loia on Unsplash

Are you living the CISO nightmare? Five Cyber Concerns Keeping Them Up at Night

What keeps CISOs up at night? Is it the looming concern of a threat? The uncertainty of cloud security? Wondering if you have enough cyber pros on the frontlines to defend and protect? Maybe it’s all three –and more. CISOs are carrying a lot of security responsibility on their shoulders, all while trying to make sure their department is transparent, vigilant, agile, and of course, secure. Focusing on so many areas of digital opportunity, security vulnerability, and defensive improvement make it challenging for CISOs to truly dedicate attention to any specific operational “thing” for too long before they have to move to the next issue. Adapting to this rapid change of pace in the security industry can compromise security strength and lead to growing concerns about whether teams are really prepared for the next threat. We’ve pinpointed the top five cybersecurity concerns of CISOs that are stuff nightmares are made of.

  1. New Threats

This shouldn’t be a surprising concern. Threats are ever-evolving just as technology and digital connectivity is. While CISOs strive to keep their defenses up to snuff with the latest technology, there is always a new weakness waiting to be exploited. The recent government shutdown is a perfect example. It pulled many defenders off the frontlines of security, leaving the door wide open for malicious hackers to walk on it and do unimaginable damage. Also, the 2016 election attracted black hat hackers to manipulate public perception of the race via the use of social media. There’s always a new threat, a new vulnerability to be wary of—and CISOs are looking for ways to ensure their teams are always ready, always prepared, and have the proper support they need from machines and fellow colleagues to keep assets and people safe from harm.

  1. Minimal Agility

While CISOs desire agile operations and solutions, many still follow a linear “waterfall” model with sprinklings of agile adaptations. Developers, in particular, create security solutions tend to follow prescriptive, step-by-step requirements without always considering how security fits into the bigger solution picture. One can imagine the repercussions of such an approach. Failure to close the widening gap between deployment velocity and security implementation can yield weak security resilience. CISOs wonder if their organizations are strong enough to have both deep security testing in place and remediation plans effective enough to remove any semblance of fear, uncertainty, and doubt. DevSecOps spells opportunity for agile security as the approach advocates for the integration of security “checks” during every stage of development from planning to coding to testing and deployment and monitoring.

  1. IoT and Cloud Security

As work migrates out of the traditional office, users are moving off the network and accessing the cloud directly. More applications and servers are moving to the cloud to save money, achieve scale, and obtain greater access. However, massive amounts of sensitive data are now stored in the cloud and the “location” of that data and perceived lack of visibility is concerning for CISOs. According to a Kaspersky Lab study, one in three CISOs ranked cloud computing as a top security risk. Part of a CISO’s job is to apply controls to cloud security but when other responsibilities including managing security solutions take priority, concerns of cloud security often go unalleviated.

  1. Cybersecurity Skills Gap

This is one of the reoccurring nightmares for CISOs: finding and retaining enough security talent to bolster a capable cyber team with the right skills to address attacks. CISOs need a solution to improve the cyber skills at their company but can’t realistically send everyone away to class. Likewise, CISOs may realize they have skills gaps on their teams and assessing their competencies and hiring the right talent is becoming a growing challenge. Further, every CISO is concerned about their company being the next news headline of a cyberattack, so they are constantly worried about their overall cyber readiness and keeping their teams razor sharp. Looking down the barrel of a 300,000+ security job shortfall in the U.S. alone, CISOs fear their teams, whether large or small and mighty, may not have all the skills they need to effectively top new threats.

  1. Rebuilding Trust

It’s been a bad few years for cybersecurity leaders with the growing number of well-publicized hacks of large and small companies. Naturally, such news leaves many consumers and company stakeholders distrusting companies who fall victims to these attacks. What’s worse is trying to rebuild trust after an attack. It’s not a flip of a switch or apologetic PR statement that automatically regains public trust in data security for a company. It can take months or even years for a company to bounce back from a breach of any magnitude. Privacy issues, security and device addiction are all elements that need to be addressed from the beginning in order to take ownership and responsibility of how customer data is stored, used, transferred, and accessed.

There’s often too much momentum in the way of today’s cyber operations to allow for any kind of change but this is something that MUST change. CISOs and their teams live with cybersecurity worries, threats, and “unknown unknowns” that are simply too scary to block out. Frustrated talented resources and limited budgets perpetuate these cybersecurity nightmares. For CISOs to wake up from these horrible scenarios, they need to consider new ways to develop their teams and foster holistic “security is everyone’s responsibility” cultures in order to move forward. New threats, cloud security issues, and skill gap concerns can be quelled with the proper persistent learning solutions in place to empower and augment cyber teams toward a stronger security infrastructure. Likewise, educating the entire staff, not just the IT department on security issues and best practices ensure everyone will have sweeter dreams.

Photo by Sergey Zolkin on Unsplash