Just 10% of Enterprises With IoT Deployments Confident of Cybersecurity Measures, CableLabs Says
Citing an AT&T cybersecurity report based on a survey of 5,000 global enterprises, CableLabs said in a Thursday blog post that 85 percent of enterprises have IoT device deployments in the works, but only 10 percent of those feel confident…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
they could secure them in case of a cyberattack. On what the cable industry is doing to secure devices, Ron Ih, Kyrio Security Solutions director-business development, said the most important IoT security trend this year is the use of digital certificates and public key infrastructure to better secure the onboarding process when a device is authenticated and added to a network. With digital certificates that are issued and signed by a reputable source -- a certificate authority or root of trust -- devices exchange digital certificates to cryptographically authenticate each other’s identity and origin, said Ih. In addition to increasing security, digital certificates improve the customer experience by eliminating the need to enter a PIN, he said. Cryptographic signatures within the certificates can’t be forged or recreated without the proper private key at the source, said Ih. On the main challenges facing the IoT today, Ih said most device makers don’t have security experts and are “unprepared to manage security complexities.” Device makers deal with millions of devices per year, work with firmware and small footprint applications and have limited computing power and storage, he said: Security can be limited to what’s deemed essential to reduce costs and delivery times. In contrast, security companies have traditionally operated in the world of enterprise computing and networking with large corporations that have information technology staff specializing in security. The two create a “large mismatch” between what a device maker needs and what a security company is equipped to provide, “resulting in the two parties talking past each other,” the expert wrote. Device security ends up being omitted or left as an afterthought “because it currently takes too much effort and cost to understand and implement it,” said Ih. Tackling IoT security effectively requires addressing the time required to implement security, he said. On what companies can do to improve product security, Ih suggested leveraging security as an “opportunity to improve customer experience and revenues. Consumers don’t buy security for security's sake," he said. "They buy products that make their lives easier and more convenient."