Tag Archive for: IoT

NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products


Will NIST’s cybersecurity labeling for consumer software and IoT products help us achieve better security? Our experts weigh in.

If one of the goals of President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” is fulfilled, you’ll be able to look for a quality and security assurance label on any software product you consider buying. To which anyone who cares about such things—and everybody should—might say “it’s about time.”

Indeed, consumer labeling has long been mainstream when it comes to just about everything else. We take for granted that what we plan to eat or drink has a list of ingredients on the packaging or container. The U.S. Department of Agriculture has a label that food vendors can use if their product is certified organic. Most of us are familiar with the Good Housekeeping Seal and UL certification, which offer some assurance that a vast range of products meet a minimum quality standard. “Look for the union label” has been a slogan for almost 50 years.

But details or seals of approval on the quality of software ingredients? Not so much. Pretty much not at all.

Current state of consumer cybersecurity awareness

While Americans rely on software for just about everything in modern life—communication (email, text, phone), social media, online purchases, games, research, home security, transportation, and much, much more—most remain only dimly aware of what it is, how it works, and the level of its quality and security. 

As the National Institute of Standards and Technology (NIST) recently put it, “most consumers take for granted and are unaware of the software upon which many products and services rely, [and] the very notion of what constitutes software may even be unclear.” That is, in large measure, because consumers aren’t told much of anything about it. They generally see only what it does, not what it is, who made it, how it works, or how it could put them at risk. 

The Biden executive order (EO) is obviously aimed at closing that gap in consumer awareness. It calls for NIST, the Federal Trade Commission, and other agencies to “initiate pilot programs informed by existing consumer product labeling…

Common IoT Security Threats and best practices to counter them



By Bhavesh Goswami, CEO & Founder, CloudThat

The Internet of Things (IoT) is a growing phenomenon that businesses are adopting to increase efficiency. As more of the objects around us are connected to the internet, IoT devices have become ubiquitous, and the IoT market is growing at a staggering rate. Statistics from IoT Analytics underscore the pace of that growth: in 2021 there were 13.8 billion IoT devices worldwide, in 2022 the number is expected to grow to 16.8 billion, and by 2025 it is estimated to reach 30.9 billion. Interestingly, the report also says that by 2030, 75% of devices used worldwide will be IoT devices.

While IoT devices can greatly increase business productivity, it is important to understand that they are exposed to threats such as unethical hacking or masquerading from any internet-enabled device. The security vulnerabilities of IoT devices must be handled effectively, and this is where IoT security steps in.

IoT security: Knowing the Basics First
IoT security is the set of tools and techniques used to address the security vulnerabilities faced by millions of interconnected devices on the Internet. In other words, IoT security involves protecting IoT devices from attacks. While many business owners are aware that they must safeguard their PCs and phones with antivirus software, the security concerns associated with IoT devices are less widely understood, and their protection is sometimes overlooked. Understanding the security vulnerabilities and threats is therefore critical for adequately protecting one’s network.

6 Common IoT Security Threats: Cause of Concern for Businesses

• Weak password protection: IT systems and IoT devices often contain hard-coded and embedded credentials, which are a windfall for hackers looking to attack the device directly. Taking control of an IoT device via its interface or web portal is simple with a weak password.

• Lack of regular patches and weak update mechanism: IoT products are designed with usability and connectivity in mind. Initially, they may be…

Navigating risks in a 5G enabled IoT Channel



By IC Bala Prasad Peddigari, IEEE Senior Member, Growth and Transformation Innovation Leader, TCS

The high-speed communication that comes with 5G has undoubtedly opened a host of opportunities for the future of tech. According to a recent Ericsson Mobility Report, massive IoT will contribute to 51% of cellular IoT connections and 5G subscriptions are expected to reach 4.4 billion by 2027. These findings promise to deliver reliable and secure high data rates. However, each device connected in the 5G-enabled IoT ecosystem opens a surface for the channels that allow the sensing, collecting, and processing of vast amounts of information at high speed. This process accumulates a huge amount of data that is highly prone to many security challenges because of the interconnectivity between the billions of devices participating in the IoT landscape, which inevitably makes them vulnerable to attacks.

Furthermore, the integration of edge cloud in the context of 5G enabled IoT has opened many new use-cases, where multiple tenants can leverage the local compute power of edge devices, edge gateway and edge data centers. This triggers many data security threats, and it requires taking measures to protect attack surfaces from advanced persistent threats, web application vulnerabilities, API security, and lateral propagation.

As the density of devices is over a million per square kilometer, the attack surface has multiple channels that can be exploited, resulting in threats to data passing through the wire. Common attacks such as supply chain attacks, network attacks, and botnets can be mutated and replicated with ease across the channels. Other attacks include:
• Man in the middle: The attacker first intercepts the transmitted messages and then attempts to update or delete them before forwarding them to the receiver.
• Impersonation attack: The attacker effectively determines the identity of the actual communication party and generates a message on behalf of the “genuine communicating party” to send to the recipient.
• Bidding Down: This is a cryptographic attack to abandon the higher quality order of operation when compared to the lower quality…

Fortinet Threat Landscape Report Q2 2017 | FortiGuard | Cyber Security | Ransomware