If your org uses third-party IoT solutions, what criteria do you use to assess those vendors' security practices?
Key criteria should include robust data encryption for both transit and at-rest data, secure authentication mechanisms, and effective access controls. The vendor's approach to device management, including regular updates, and adherence to security-by-design principles are critical. Monitoring, logging, and clear incident response and disclosure procedures contribute to a comprehensive assessment, ensuring a secure and trustworthy IoT solution.

*Keep in mind some IoT devices require physical access to upgrade and patch the device - making it a challenge if the units end up being mounted high up behind a display, with a scoreboard, ceiling monitoring, et al.