data encryption and continuous monitoring, which protect the cloud infrastructure that supports
                   IoT devices and business critical operations.



            The Evolving Cybersecurity Landscape

            For  perspective  on  how  persistent  and  sophisticated  cybercriminals  have  become,  consider  that
            the National Institute of Standards and Technology (NIST) updates its National Vulnerability Database
            (NVD) hourly. Moreover, in 2022, over 25,000 new common IT security vulnerabilities and exposures
            (CVEs) were discovered — the highest reported annual figure to date. In light of these ever-emerging
            threats, regulators constantly update existing standards or release new ones to protect IoT devices.

            For example, in 2022, regulators amended the FDA Act to include requirements for connected medical
            devices.  That  same  year,  to  address  the  increasing  intersection  of  IoT  devices  and  account-based
            payments,  the  Payment  Card  Industry  Security  Standards  Council  and  the  Consumer  Technology
            Association issued a joint bulletin highlighting the importance of IoT security. Additionally, cybersecurity
            regulations have global implications for IoT technology, such as the General Data Protection Regulation
            (GDPR), the EU Cybersecurity Act, and the California Consumer Privacy Act (CCPA). Failure to adhere
            to these standards can result in impact to the bottom line, including costly fines.

            The shifting IoT security landscape can be daunting. However, a top-down approach to security allows
            upper management to more effectively direct the implementation of security practices and regulations
            throughout  the  organization,  whether  ensuring  staff  have  the  training  to  identify  phishing  and  social
            engineering threats, mandating FIPS 140-2 cryptographic encryption or restricting physical access to the
            enterprise or specific assets. The good news is that the security industry has galvanized in recent years,
            and there are great resources today that enable organizational leaders and technical personnel to quickly
            grapple with the issues and put an actionable strategy in place.



            Finding Help and Leading by Example

            The ideal strategy for IoT security is a multi-layered, company-wide strategy — including procuring tested
            and proven devices with built-in security protocols, ensuring the ability to continually update all connected
            devices over their lifecycle, and mandating procedural and behavioral training for all staff members. While
            cultural  and  infrastructure  change do not  happen  overnight,  every  business can implement  a strong
            security posture and excellent security measures. When in doubt, brands should seek a total solution
            vendor that can help integrate IoT security best practices, including monitoring and management services
            to keep cyber defenses up to date. Ultimately, it is incumbent on an organization’s leadership to take the
            initiative and promote company-wide adoption and cultural change.











            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          23
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.