EDITOR’S QUESTION
Harish Chib
Vice President Middle East
& Africa, Sophos
Once a concept, the world of IoT is now
set to prevail as a disruptive reality. From
connected cars to smart-cities, Internet of
Things (IoT) is here to stay and shall bring
in more sweeping changes as its ecosystem
matures with time. Rapid strides being made
by IoT certainly augurs well for today’s digital
economy and it shall benefit both end-users
and businesses alike. However, there is a
need to understand potential security risks
that may arise from IoT deployments, for
most IoT devices were not designed with
security in mind. Take SCADA systems as
an example. Most are not even password
protected, let alone encrypted. In an effort
to keep costs and power consumption low,
most IoT devices eschew the ability to
encrypt their communication. Many devices
Sophos has analyzed are vulnerable to replay
attacks, send passwords in the clear or only
hashed with MD5, etc. Many IoT problems
in the micro aren’t a very big deal, but at
the macro scale become a big problem. If a
www.intelligentcio.com
“smart” thermostat can be hacked it may not
be an issue if someone simply turns on your
air conditioning in the winter, but imagine
the ability to turn on several thousand air
conditioners in the same city at the same
time? That could take down the electrical
grid. As a plethora of new devices connect
to the network, it leads to unforeseen
challenges that stem from new firmware,
embedded OS types, vulnerabilities in sensors
etc. Add new transport protocols that make
network security more complex than ever.
Among key security areas include access
control, device authentication, firewalling,
IPS, and unpatched devices or softwares. IoT
is forcing IT security managers / CXOs to take
a departure from legacy security approaches.
The need of the hour is to better understand
taxonomy of IoT security and applying that
knowledge to strengthen Data Security &
Privacy Protection, Prevention of Threats
& Risks and Legal issues and Regulatory
Compliance mandate.
INTELLIGENTCIO
85