The next big wave of cyberattacks may come from the millions of Internet of Things devices out there. If you’re making or deploying IoT devices you need to up your security game, yesterday!
Here are the top five things companies can do to secure IoT:
1. Build security into devices from the beginning. Don’t tack it on at the last moment before you ship.
2. Limit data collection. Only collect the data needed to provide a service and only keep it for a limited period of time.
3. Limit what data can be accessed. An unauthorized person should not be able to get into customers’ device data. And require strong authentication before allowing devices to interact with each other.
4. Hold your contractors to your security standard. Only hire outside providers that deliver reasonable security and allow for reasonable oversight by you.
5. Monitor and patch. Don’t just assume the device is fine after you sell it. Keep tabs on the health of devices and provide patches promptly for known risks.
These are just a few of the things you can do to keep your IoT products from being misused. The steps may sound tedious and costly to some, but they’re a far sight better than being culpable for the next big DDoS or financial attack.
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 09:39AM