How to wake the enterprise from IoT security nightmares, Roberto Tamassia


Roberto Tamassia EMCS Executive Director

In interviews with leading security experts, this CSO article dives into top IoT security nightmares. The first nightmare sketched out by Roberto Tamassia, EMCS Executive Director and Plastech Professor in Computer Science at Brown, focuses on the sheer growth of the industry. As CSO notes, “5 million new IoT devices added daily equals as many and more new security vulnerabilities each day.” According to Tamassia, IoT devices increase security vulnerabilities because they broaden the attack surface and have more security holes. Tamassia explains:

“Factors that contribute to IoT device vulnerabilities include device manufacturers who don’t have extensive cyber security experience, computing power and storage constraints that limit the available security mechanisms, cumbersome software update procedures, and the lack of user awareness of the security threats posed by these devices.”

According to CSO, Tamassia recommends the following to mitigate these IoT security concerns:

“Enterprises should first weigh their convenience and efficiency advantages against the risks, institute security policies and procedures that cover each type of device, and include IoT security training in employee security education programs… Behavior-based and IDS/IPS security technologies will have to envelop the potential bad behavior of IoT devices as well.”

CSO also shares the following three industry recommendations from Tamassia:

• First, the Federal Trade Commission should fine companies that sell appliances with poor security, such as back doors, until they recall and repair their products.
• Second, legislators should write laws that require that IoT appliances periodically restore the software to its initial state. This requirement would kick out any malware that managed to penetrate the appliance.
• Third, new IoT hardware could have IPv6 addresses in a restricted range, making it easier for any domain owner that is under a DDoS attack to have its ISP reject all packets directed toward it from IoT appliances.
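
The filtering step in the third recommendation can be sketched as follows. This is an added example, not code from the CSO article or from Tamassia. The IoT range, the protected prefixes and the sample packets are constructed from documentation address space, since the page names no actual range.

```python
import ipaddress

# Assumption: the page names no actual range. This prefix from the IPv6
# documentation space (2001:db8::/32) stands in for the proposed IoT range.
IOT_RANGE = ipaddress.ip_network("2001:db8:1000::/36")


def decide(src, dst, protected):
    """Return 'reject' or 'forward' for one packet at the ISP edge.

    protected holds the prefixes of domain owners that asked their ISP to
    reject IoT traffic while under attack; everyone else is unaffected.
    """
    try:
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
    except ValueError:
        return "reject"  # design choice here: unparseable addresses are dropped
    if not any(d in prefix for prefix in protected):
        return "forward"  # destination did not request filtering
    # Membership is False for IPv4 sources, so only the IoT range is affected.
    return "reject" if s in IOT_RANGE else "forward"


def summarize(packets, protected):
    """Count decisions over an iterable of (src, dst) pairs."""
    counts = {"reject": 0, "forward": 0}
    for src, dst in packets:
        counts[decide(src, dst, protected)] += 1
    return counts


# Constructed sample data (documentation address space only).
PROTECTED = [ipaddress.ip_network("2001:db8:f00d::/48"),
             ipaddress.ip_network("198.51.100.0/24")]
SAMPLE = [
    ("2001:db8:1abc::5", "2001:db8:f00d::80"),  # IoT source, protected dst
    ("2001:db8:2000::9", "2001:db8:f00d::80"),  # non-IoT source
    ("2001:db8:1abc::5", "2001:db8:beef::1"),   # dst not under protection
    ("192.0.2.7", "198.51.100.10"),             # IPv4 source, protected dst
    ("not-an-address", "2001:db8:f00d::80"),    # unparseable source
]

if __name__ == "__main__":
    for src, dst in SAMPLE:
        print(f"{src:>18} -> {dst:<20} {decide(src, dst, PROTECTED)}")
    print(summarize(SAMPLE, PROTECTED))
```

The decision keys on the source address alone, so it only helps when upstream networks prevent devices from sending packets with forged source addresses.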

To read the rest of the article, go here.
