Page 23 - Cyber Defense eMagazine December 2023
data encryption and continuous monitoring, which protect the cloud infrastructure that supports
IoT devices and business critical operations.
The Evolving Cybersecurity Landscape
For perspective on how persistent and sophisticated cybercriminals have become, consider that
the National Institute of Standards and Technology (NIST) updates its National Vulnerability Database
(NVD) hourly. Moreover, in 2022, over 25,000 new common IT security vulnerabilities and exposures
(CVEs) were discovered — the highest reported annual figure to date. In light of these ever-emerging
threats, regulators constantly update existing standards or release new ones to protect IoT devices.
For example, in 2022, regulators amended the FDA Act to include requirements for connected medical
devices. That same year, to address the increasing intersection of IoT devices and account-based
payments, the Payment Card Industry Security Standards Council and the Consumer Technology
Association issued a joint bulletin highlighting the importance of IoT security. Additionally, cybersecurity
regulations such as the General Data Protection Regulation (GDPR), the EU Cybersecurity Act, and the
California Consumer Privacy Act (CCPA) have global implications for IoT technology. Failure to adhere
to these standards can hurt the bottom line, including through costly fines.
The shifting IoT security landscape can be daunting. However, a top-down approach to security allows
upper management to more effectively direct the implementation of security practices and regulations
throughout the organization, whether ensuring staff have the training to identify phishing and social
engineering threats, mandating FIPS 140-2 encryption, or restricting physical access to the
enterprise or specific assets. The good news is that the security industry has galvanized in recent years,
and there are great resources today that enable organizational leaders and technical personnel to quickly
grapple with the issues and put an actionable strategy in place.
Finding Help and Leading by Example
The ideal approach to IoT security is a multi-layered, company-wide strategy that includes procuring tested
and proven devices with built-in security protocols, ensuring the ability to continually update all connected
devices over their lifecycle, and mandating procedural and behavioral training for all staff members. While
cultural and infrastructure changes do not happen overnight, every business can implement a strong
security posture and excellent security measures. When in doubt, brands should seek a total solution
vendor that can help integrate IoT security best practices, including monitoring and management services
to keep cyber defenses up to date. Ultimately, it is incumbent on an organization’s leadership to take the
initiative and promote company-wide adoption and cultural change.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.