1.
13
Ten Expert Tips on
Internet of Things Security

2.
13
Over the last few years, Internet of Things (IoT)
is all everyone has talked about. So it comes
as no surprise, that 2016 has brought even
more talk to the industry. More products will
launch and headlines will continue to be filled
on the subject.

3.
However, as the industry continues to rise in
popularity the more we hear about the serious
security issues pertaining to IoT
devices. I asked a few experts to
share their tips on IoT security
and how businesses can address
this challenge.

4.
Implement a
BYOD policy.
1

5.
Often, data breaches
are the result of
employees losing track
of company-owned
devices such as laptops,
tablets and storage
devices containing
sensitive information.
“

6.
This problem is exacerbated by employees
using their own devices for work related tasks.
In addition to impressing upon employees the
need to keep track of their devices, businesses
should encrypt their company-owned devices
using a certified encryption methodology.
- Krishna Narine, Business Litigation Lawyer
Meredith & Narine, LLC
Source
“

7.
It all starts with the
manufacturers.
2

8.
Achieving security rests
less on the businesses
that use IoT devices and
more on the businesses
that manufacture them.
Manufacturers need to
design security in from
the beginning, both in
software and hardware.
“

9.
Ultimately, success in cyber security for IoT
depends on designing in security from the
beginning in the same way that we have
achieved high reliability in areas like rail safety,
aviation safety, food safety, security of iconic
buildings (i.e. designing buildings to withstand
a blast), and so on.
- Emilian Papadopoulos, President
Good Harbor Security Risk Management
Source
“

10.
Don’t be
in a rush.
3

11.
Don't put all your
eggs in one basket.
Technology is
awesome, and we truly
are living in the future,
but over-reliance on
technology is a surefire
recipe for disaster.
“

12.
IoT presents a treasure trove of personal
information, financial data, and other sensitive
information. Smart businesses and individuals
will be careful to temper their excitement and
desire to jump into this
increasingly-interconnected world of
convenience against their willingness to assume
additional risk of attack or penetration.
- Frank Spano, Executive Director
The Counterterrorism Institute
Source
“

13.
Add on layers
of security.
4

14.
A VPN (Virtual Private
Network) secures one's
home or business
network to allow traffic
only from verified
devices, or at least
separates the unverified
traffic out.
“

15.
With the rise of the IOT, it is becoming easier and
easier for malicious hackers to access verified
information through these devices. While they’re
marketed as being mostly secure, it only takes
one error for someone to get access to your
entire network. Using a VPN can totally
prevent this, adding a layer of redundancy that
is so underrated in today’s world.
- Bryce Hamlin,Public Relations Coordinator
Hide.me
Source
“

16.
Integrate security into
your development
lifecycle.
5

17.
Companies that
produce IoT devices
need to ensure that
they have a solid
software development
lifecycle that is inclusive
of security testing.
“

18.
By ensuring security is baked into the
development process from day one, the
company can dramatically move the needle
to help ensure the security of their devices,
while also reducing waste within the
development lifecycle.
- Andrew Storms,Vice President, Security Services
New Context
Source
“

19.
Automation
is key.
6

20.
Automation will be one of the
keys to increasing efficiency in
enterprise SOCs. For instance, an
automated incident response
system can identify and resolve
low-complexity, high-volume tasks
with little to no human intervention,
leaving expert security personnel
with more time to handle the more
nuanced and complicated issues.
That is critical, not only because
more devices will create more tasks,
but because attacks are growing
increasingly sophisticated.
“

21.
Additionally, if that same platform can centralize
information from existing security tools, it
streamlines operations by limiting the number
of tools that analysts use to initially triage alerts.
And, if the platform can capture processes for
standardization and reuse, it further increases
productivity by reducing duplicate work.
- Cody Cornell,Founder and CEO
Swimlane LLC
Source
“

22.
Integration of cyber
threat intelligence.
7

23.
The relevance of Cyber
Threat Intelligence (CTI),
as a part of a proactive
information security
program, will become
essential for
information security.
“

24.
It is critical for organizations to be able to identify
evolving methods and emerging technology
trends used by the cybercriminals, and then to
continually assess their capability in this regard.
Because many organizations don't have
access to internal specialists, they will need to
turn to external experts from the CTI sector.
- Mark Coderre, National Security Practice Director
OpenSky Corporation
Source
“

25.
Security starts with
proper training.
8

26.
Enterprises need to
approach IoT security
bottoms up by re-training
software developers:
their own and their
supply chain, ecosystem
stakeholders.
“

27.
To avoid IoT security being an afterthought,
it is critical for the developers to start with a
full system view of the IoT solution, not just
their component alone, before they write
the first line of code.
- Prathap Dendi, General Manager
Emerging Technologies, AppDynamics
Source
“

28.
Stop the
negligence.
9

29.
The primary cause
of security breaches
in business remains
employee negligence
or intent and not
the malfeasance of
hackers.
“

30.
Education and training around policies and
protocols for security is imperative to avoiding
negligent behaviors, like weak and shared
passwords or lackadaisical logouts, leading to
issues. Having clear and complete understanding
of possible vulnerabilities and limiting accessibility
of control within software and hardware
specifications and settings is of dire importance
in limiting and avoiding intentional sabotage.
- Felicite Moorman, CEO
StratIS
Source
“

31.
Oceans of
the internet.
10

32.
Asking how to
theft-proof electronic
information in the
Internet of things is like
asking how to protect
your ships against Pirates
and Vikings during the
11th and 12th century.
“

33.
We gained control of pirating the moment we
gained control over the seas and oceans...In
comparison, we do not control the vast
oceans of the Internet. We do not even have
agreed-upon standards, nor even an
understanding of all the harmful capabilities of
hackers on the web.... We are still at the stage
of inventing technologies on the Internet.
- Matti Kon, President & CEO
InfoTech Solutions for Business
Source
“

34.
Interested in learning more about the
future of IT? Check on this interactive
on the future of cloud computing.
Explore the future of cloud