'Internet of Me' driving IoT security
panelists at the National Cyber Security Alliance’s (NCSA’s) Cybersecurity Summit at Nasdaq said the personal nature of the IoT will drive vendors to improve security.
Noting a rapid acceleration of “things” connected to the internet with the pace expected to pick up, panelists at the National Cyber Security Alliance's (NCSA's) Cybersecurity Summit at Nasdaq called for a focus on protecting data, advocated for a framework to guide development and said the personal nature of Internet of Things (IoT) will drive vendors to embrace higher levels of security.
“IoT is directly personal,” said Tim Fitzgerald, vice president and chief security officer (CSO) at Symantec, who added that he uses his mother as a “yardstick” to measure security needs. “If my mom is thinking about security, then something has changed.”
Janet Bishop-Levesque, chief information security officer (CISO), at RSA said that the “personal has driven it home for everybody, noting that everything from “hacking baby monitors to Dick Cheney turning off his pacemaker” so it couldn't be compromised has made users take notice.
Indeed, a growing number of consumers are beginning to mull security as the IoT more closely resembles what NCSA Executive Director Michael Kaiser called the Internet of Me and with good reason. Devices gather more and information on them and their movements and most don't have a good fix on how that data is collected and used. Reports of breaches and threat actors dominate the news, with consumers and the enterprise seemingly under constant attack. “Cisco blocks 19.6 billion threats a day,” said Steve Martino, vice president and CISO at Cisco. “That's more than the number of Google searches a day.”
Fitzgerald called for a framework to “make security a seamless process, make it easy enough,” adding that “it is incumbent on us to provide the framework on how it will occur.”
Vendors are already starting to “bake in security,” the panelists said. “You start with building into the process what's important from the get-go,” said Martino, pointing to Cisco's secure life cycle process, which he said has been in play for 15 years or so.
As the security bar is raised, users will become more demanding, the security pros contended. “The customer will self select,” said Fitzgerald, adding, “I hope that we can weed out those companies that are not taking security seriously.”