CISOs face the IoT security risks of stranger things
The internet of things, by its very design, extends enterprise technology infrastructure farther and farther out, computerizing devices whose functions, if corrupted, could have catastrophic results. The sheer scope of internet-connected devices is compounding IoT security risks: CISOs now must worry not only about compromised or stolen data but also about the potential for bad actors to hijack vehicles, heavy machinery and medical equipment.
“People talk about IoT being the new hot thing, but it has been there almost 20 years in medical care,” said Taylor Lehmann, CISO for both Wellforce and its academic hospital, Tufts Medical Center, based in Boston. “What has changed is the number of these devices and how many of these devices are vulnerable.”
Strategies to manage IoT security risks outside of healthcare and a few other industries remain in the early stages. Many connected devices can’t be patched or updated, nor do they have security features such as basic encryption and two-factor authentication. The skills to secure IoT, which require knowledge of software and hardware, are challenging to find.
Even so, experts say cybersecurity in the internet of things era draws on the same technologies and practices that have proven effective over the years, thereby giving CISOs and their organizations a roadmap for extending security as the number of devices multiplies. In this issue of Information Security magazine, we talk to CISOs and other information security experts about IoT security risks and strategies for managing them.