How will security practices for internet of things (IoT) devices evolve?


1.6k views, 1 Upvote, 7 Comments

SVP, Chief Information Security Officer in Education, 5,001 - 10,000 employees
When we start to get native, protocol-level attacks on industrial internet of things (IIoT) and IoT devices, it will be interesting to see how the players in this space will react. They're going to realize that their products cannot stop those attacks. Even if you have a traditional next-generation firewall (NGFW), for instance, someone could create a denial-of-service attack using native, valid DNP3 functions. I wrote a lot of the offensive code when we were designing security for the products at Bayshore Networks, so I know that can happen. Those NGFWs would see this DNP3 traffic and just let it through. While there are architectural dynamics involved, and it's not a black-and-white situation, native protection of these environments is going to be critical.

Director of Information Security in Services (non-Government), 201 - 500 employees
IoT devices are a challenge to manage and protect. Some (if not most) of these are in critical infrastructure / applications and also in remote, unmanageable locations; it is very challenging to remediate vulnerabilities at short notice. IoT vendors will definitely make advances to a certain extent, but it's always going to be a challenge.

HEAD IT in Consumer Goods, 501 - 1,000 employees
Cyber security is a big challenge for IoT applications. IoT device and device-related data contain both personal data and connected-device data. So proper planning of security and education about security across the organization is very essential. It should be top-driven and given immense priority in all processes and programs of the organization.
So maintaining the data lifecycle, a variable encryption process, protocol-level policy, a device recycling policy after data erasure, etc. must be in place.

Director, Information Technology in Transportation, 201 - 500 employees
I think the security tools currently in use for commercial entities like CarbonBlack, Darktrace and managed EDR will move into the consumer space to protect household networks. Perhaps similar to how alarm companies migrated from the commercial to consumer space 25 years ago.

Home networks are not going to become simpler or less critical and cyber criminals are not going to become less creative or persistent; so, the natural response will be more robust protection for consumer grade networks and endpoints.

Senior Information Security Manager in Software, 501 - 1,000 employees
Too many firms don’t focus on the core security issues to secure their IoT infrastructure.

It’s not about evolving threats. It is dealing with current threats.

With that, security is almost always behind the curve as attackers have the advantage of, and the security teams have to defend against it.

Director of IT in Healthcare and Biotech, 11 - 50 employees
I think we're going to see segmenting occur to separate IoT devices and I think we're going to see an evolution of monitoring tools. The IoT devices for the most part are simple, but that doesn't mean they won't either be attacked or used for attack. I think the next evolution will be to treat them as an endpoint that needs to be secured.

IT Director in Services (non-Government), 11 - 50 employees
The security of IoT is one of the most dangerous principles, about which everyone working in this field has to be very careful; otherwise all the benefits which we will get from IoT will be converted to destroy ourselves.
