Following the news that the FIDO Alliance has created a new onboarding standard to secure IoT devices, the Industry leader commented below.
<p style=\"font-weight: 400;\">The security of the IoT has been a concern for years now, so it’s certainly a welcome move from the FIDO Alliance to standardise the onboarding of IoT devices. The creation of an industry standard in this area is especially timely, given that the rapid shift to remote working amid the pandemic has widened the IoT threat landscape significantly. Organisations have rolled out new devices and new permissions to enable employees to access data on a mass scale. While has been necessary to ensure business continuity, it has heightened the potential for a data breach as a result of an infected IoT device. </p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Beyond implementing open industry standards, however, organisations need to be aware of best practice IoT security. Importantly, this needs to go beyond usernames, passwords, and multi-factor authentication. User and Entity Behaviour Analytics (UEBA) tools, powered by unsupervised machine learning, enable businesses to monitor all system activity in real-time, allowing them to rapidly identify anomalies and respond appropriately. If an employee logs in with a compromised device, for example, UEBA can prevent them from going any further, reducing the risk of the data breach. This is context-aware computing: security that works with how employees work, rather than putting up barriers to productivity. </p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">It is imperative that the protocol is followed by relevant stakeholders. As a standard, the goal for it is that it should be embraced and adopted by the industry and enforced by Governments. As a society, we need to know that the devices and the ecosystem to which they belong are secure and can be trusted. That should be the ultimate goal for it all.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics