Public Key Infrastructure Critical for Internet of Things Security, Says DigiCert

-- Company to present threats and scalable solutions at IoT Festival in Melbourne 4-5 June

DigiCert, Inc. ( https://www.digicert.com ), the leading global provider of SSL and other PKI solutions for securing web traffic and the Internet of Things (IoT), will be presenting on security trends and challenges for connected devices today at the IoT Festival in Melbourne, which runs through tomorrow at the Melbourne Park Function Centre. As device connectivity increases rapidly across critical infrastructure, certificate-based public key infrastructure (PKI) is gaining momentum as a proven, scalable method of providing authentication, encryption and device integrity against the onslaught of attacks seeking to exploit IoT security weak points.

"The market for devices connected to the Internet but not built with security in mind is growing, and more awareness is needed in order to reverse these trends," said Mike Nelson, vice president of IoT security for DigiCert, who will be presenting at the IoT Festival. "Though innovators in industries like healthcare, automotive and energy are leading the way in addressing these issues, many companies still lag behind. Security fundamentals like PKI and certificates provide interoperable, scalable approaches to the core needs of device and user authentication, data encryption, secure boot and over the air updates."

Global research firm Gartner estimates that the number of connected devices will surpass 25 billion by 2020, enough for multiple devices per person on the planet. Other researchers project higher numbers. Despite this, security fears could be limiting some IoT projects from getting off the ground.

A report ( https://www.securerf.com/26-execs-say-security-impedes-iot-implementation/ ) by the Economist Intelligence Unit noted that 26 percent of business leaders cited security as a chief obstacle to implementing IoT. A Vanson Bourne survey reported ( https://www.helpnetsecurity.com/.../implement-iot-projects/ ) that 59 percent of IT professionals were being held back from IoT projects by their security concerns.

These security concerns are not unfounded. Many devices are rushed to market, rife with poor security practices, such as hardcoded passwords that cannot be changed or default passwords that users do not know how to update. Others are often lacking the ability to securely patch the device firmware or encrypt data in transit. The devices range from medical devices embedded in patients and connected to hospital networks to popular children's dolls and baby monitors.

A couple years ago, St. Jude Medical found out the hard way the price of insecure connected medical devices when a hedge fund company partnered with a security research group to purchase a short position in the St. Jude stock after finding a vulnerability in their pacemakers. They publicly disclosed the vulnerabilities, causing the stock to drop 20 percent.

IoT deployments also produce concerns over compliance. The European Union (EU)'s General Data Protection Regulation (GDPR), though limited to handling of EU citizens' data, still affects companies doing business in the EU, and portends future regulatory actions that may be coming from other government bodies. The inability to protect user data is just the tip of the iceberg when it comes to security of IoT devices.

Public and regulatory interest becomes more acute within the IoT because, in many cases, the potential negative outcomes of compromised devices are not just data leakage but also unauthorized access to entire networks, and even widespread public harm or adverse effects on patients' health. The ransomware inflicted upon the UK's National Health Service (NHS) that shut down emergency rooms and limited access to good healthcare for patients across the country is a very real example of what can happen when security is not properly addressed.

Nelson and his DigiCert colleagues are busy traveling around the world presenting on IoT security threats and fundamental building blocks for security solutions. They also are working with many industry and government bodies to advance security standards to protect devices in use now and to build security into the design of connected devices on the assembly line.

"Dialogue is happening, and we are seeing progress," said Nelson. "However, the pace of adoption needs to pick up significantly. My hope is that by raising these issues, we can advance understanding and awareness, and more companies can start to see security as a business imperative, before a catastrophic event or government regulation compels them to take action. Once that happens, the costs of implementing solutions will rise exponentially. Now is the time to build a strong IoT security plan."
