Surviving the IoT Cyberattack Pandemic
Assess your risks, secure your firmware and comply with the ever-changing regulatory landscape.
Securing Firmware Is a Critical Cybersecurity Measure
As there are numerous attack vectors, a constructive place to start is to employ an expert who can efficiently reverse-engineer firmware to reveal vulnerabilities ripe for remote exploitation by hackers, thieves and state-sponsored actors. This process should be done at the design phase of any IoT device.
Another proactive step that IoT manufacturers should take to protect their devices is to employ engineers and developers who are able to think like cyber attackers and understand how to exploit their own devices. Security training on exploiting embedded software is the key to their success.
Effective embedded firmware security training is live, hands-on instruction that combines lectures and labs in which students hack off-the-shelf devices that are already on the market. Students will learn to protect their companies' embedded devices and join others who have a stake in security.
Having an IT staff solidly educated in cybersecurity is not only a good business practice, but is effectively required by law. As discussed below, the Federal Trade Commission (FTC) includes security personnel practices in its IoT security guidelines, while the Federal Communications Commission (FCC) has commenced a comment proceeding that will likely result in cybersecurity reporting requirements.
The Law Mandates Secure IoT Devices, With More Regulations on the Way
The Federal Trade Commission
The FTC has brought hundreds of cases in which it sought to protect the privacy and security of consumer information. In these enforcement actions, the FTC has alleged that various companies acted deceptively in violation of the FTC Act by, among other things, failing to provide reasonable security for consumer data.
One of these cases involved a company whose vulnerable software enabled hackers to use malware that allowed access to consumers' usernames and passwords for financial accounts. The company informed its customers that updating the software would make its systems secure, but the updates only removed later versions of the software, leaving in place older software that could be easily hacked.
In order to mitigate the possibility of legal violations, the FTC has issued some recommended best practices for IoT device manufacturers. These include security by design, security risk assessments, security testing measures and security personnel practices.