Tuesday, June 28, 2022

Be prepared for the pitfalls of IoT, says CISO

With the spread of the so-called Internet of Things, CISOs and CIOs increasingly have to take care that every device they buy that will connect to their networks will be secure. Another reminder comes with word that a vulnerability announced last month by a security vendor in D-Link WiFi video cameras is more serious that first thought.

According to SecurityWeek.com, there’s evidence bug affects more than 120 of the company’s products, many of which are marketed to by Canadian small businesses. The manufacturer is working on patches.

This also highlights a column this week by security author and CISO Michael Oberlaender on four steps organizations must take to secure their IoT devices:

–if the device holds or transmits sensitive data encrypt traffic with AES256 where symmetric encryption can be used.  For cases that involve many users / keys, use asymmetric RSA 2048 bit. For key exchanges over insecure channels, use the Diffie-Hellman protocol. Encoding (e.g. BASE64) is NOT encryption, he stresses, as the decoding function can easily be used for reverse results;

–ensure the solution also allows the use of secure hashes to defeat anyone who might have access to the encryption / decryption keys;

–think how the IoT fits into the entire architecture including backup, high-availability (full double pathways), patching and updates;

–are there open interfaces, and if so how will they be secured?

It’s vital that organizations not be caught unaware of the pitfalls of IoT devices while being dazzled by their potential.

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.