A recent announcement from Consumer Reports, an influential US group that conducts extensive product reviews, suggests that they are gearing up to start considering cyber security and privacy safeguards when scoring products. IT security experts from LogMeIn and Allot Communications commented below.
Ryan Lester, Director Of IoT Strategy at Xively by LogMeIn:
“No matter the product, security needs to be a foremost concern for manufacturers. When talking about IoT products specifically, security becomes even that more important and complex. Having an assessment model in place will be a great incentive to make sure manufacturers are leaving no stone unturned when it comes to the security of their products, but it is also important to keep in mind that the responsibility does not fall on the manufacturer alone. Product manufacturers can build in various security mechanisms to reduce the risk of attacks – including strong authentication, encryption and the like — but consumers also need to do their due diligence as well. Creating strong passwords, connecting to only secured networks, ensuring firmware is up to date, etc. are just a few steps consumers themselves can do to ensure their own security in the world of connected products.”
Moshe Elias, Director of Product Marketing at Allot Communications:
“Consumer Reports considering cyber security in product reviews is a step in the right direction. Manufacturers need an incentive to apply security and a high review score may help.
The problem with the consumer IoT industry is that emphasis is made on functionality which is natural, but none on security. These “things” or devices, are a security backdoor. A wifi connected doorbell is “not interesting” in itself, but if it stores the Wi-Fi password in cleartext a hacker can use that to access all the household connected devices, alarm systems computers etc.
The security solution, however, needs to be layered, and centered around a network based security system that is delivered by a capable operator. Just as every smartphone and computer have vulnerabilities, so will IoT devices and these require an additional layer of security – in the network.
Device ranking will not guarantee that devices become un-hackable. Protecting access and validating data on a device-by-device basis is not a sufficient solution. Most devices are closed systems and don`t allows installing any security client software or any software after shipping from the factory and even if some devices allow that, this approach requires investment and scalability, and continuous maintenance needed to ensure devices are controlled. A more reasonable approach is a comprehensive solution delivered from the CSP network (network-based) security solution, that unifies all security function needed to control any device (whether an IoT device or mobile handset) and provides a simple, scalable way to protect the network with a growing number of connected devices.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…