Humans and Machines Podcast: Stacey on IoT - Hopes, Dreams, and Toilets with Stacey Higginbotham

by Micro Focus Employee in CyberRes

What do agriculture, autonomous vehicles, and toilets all have in common? They all can use internet of things (IoT) devices to enhance their performance! IoT has the potential to transform industries and improve product offerings worldwide. IoT in the consumer space is becoming ubiquitous in every household with smartwatches, doorbells, thermostats, autonomous cars to name a few being integrated into the lives of people worldwide. These smart devices have the potential to enhance personal safety, improve health, and save money for consumers. Businesses are also starting to adopt IoT with smart devices starting to play a larger part in areas such as automotive, agriculture, supply chain, and more which can save money and improve the effectiveness of their solutions.

Stacey on IoT - Hopes, Dreams, and Toilets In the latest episode of the “Humans and Machines” podcast titled, “Hopes and Dreams, and Toilets,” the renowned Stacy Higginbotham from “Stacey on IoT” joins us as our guest to discuss the state of IoT including the good, the bad, and the ugly. Stacey is a highly acclaimed author and podcaster focused on everything IoT.

Stacey makes the point that the most important thing about IoT is not the data that the sensors collect, but rather how that data is used. To this end, artificial intelligence (AI) and machine learning (ML) algorithms are crucial to the usefulness of IoT as they are means to interpret and process data to get valuable insights. For example, smart cameras on a cruise line are used to capture the number of people in an area and then alert passengers which areas of the ship are busy and which are not very populated. This allows the cruise line to balance out where people are and improve the quality of the cruise for the passengers. However, in order to go from camera footage to number of passengers, AI needs to be used to recognize the images of people in the video so they can be counted.

However, not everything is all puppies and rainbows when it comes to IoT especially when cyber security is considered. From a security analyst’s perspective, the proliferation of IoT devices means more endpoints for malicious actors to infiltrate and more endpoints to monitor for dangerous behavior. The unsecured nature of IoT is exacerbated by the fact that IoT security software development is catching up with the current technology resulting in unmonitored devices on your network.

Unfortunately, it can be difficult to get funding to fix critical IoT securities, however as Stacy mentions, “No one is paying for security, except we're all paying for the fact that we don't have it”. What Stacey expertly highlights here is that security breaches are expensive and affect not just the company, but the employees, customers and even people unassociated with the company. So eventually we will all pay for IoT devices that are unsecured.

Improving an Organization’s IoT Security Posture

Stacey mentions four critical measures to improve an organization’s IoT security posture.

  1. Replace unsecured devices: Many IoT devices were built out of a desire to innovate and create useful products without a focus on cyber security. Unfortunately, this means that these devices can grant easy access to hackers leaving organizations vulnerable to malicious attacks. Some organizations claim to have their IoT devices “air gapped” meaning that there is a physical disconnect between the IoT devices and the main computer network. Unfortunately, as Stacey points out, this air gapping is largely a myth as the IoT devices are still usually connected to the main network indirectly. Instead of air gapping IoT devices, Stacey contends that organizations need to rip out and replace IoT devices that cannot be secured, resulting in a more secure network.
  2. Security patches for IoT devices: Security patches are used to update existing software product security to keep it up to date with developing cyber threats. Generally, when these security patches are installed, the device needs to go offline for a period of time. Many devices that are IoT enabled such as CCTV cameras cannot afford to go offline and thus cause complications when installing security patches. Stacey talks about needing a method for organizations to install security patches without having these critical IoT devices go offline. In addition, Stacey talks about the need to have easier security to manage for devices when they are sold so organizations without a heavy security operations team can still be secured.
  3. Monitor everything: IoT devices are notorious for lacking important monitoring software and are therefore a blind spot for security analysts. Stacey says, “We have to start monitoring everything so we can see the problems as they are happening”. Stacey goes on to discuss how the next generation of security startups are working to resolve problems surrounding the lack of visibility of IoT devices.
  4. Train staff to see cyber-attacks: One of your best lines of defense for any cyber defense is proper training of your employees. Among the top techniques for cyber-attacks starts with tactics like phishing, where an adversary sends an illegitimate email or message to an employee with a dangerous link that the employee can click on. This link will download malware such as computer viruses that allow attackers access to confidential information or internal hardware. It is critical that staff go through appropriate training so they can recognize cyber-attacks and know how to respond.

Stacey’s expertise was on full display discussing IoT and its security issues in this episode of “Humans and Machines”. Protecting IoT devices is vital to securing organizations, but IoT security technology still has a ways to go.

Links and Show Notes 

 

Join our Community | What is Artificial Intelligence? | What is Machine Learning? | What is an Insider Threat?

Labels:

UEBA
Anonymous