When you huddle around the coffee machine at work or flip on your smart kettle at home, do you consider the security of the Internet of Things (IoT) devices you are using?

If you’re like most, IoT security is probably the last thing on your mind. Today it is more and more likely that these caffeine dispensers are part of the IoT. But who is responsible for securing these devices? How could a breach threaten an organization or individual?

A New Frontier for Security

IoT security is becoming an important issue for consumers and enterprises as the volume of smart, connected devices increases. Security analysts have already seen cybercriminals exploit vulnerabilities in IoT devices ranging from coffee machines to car alarms.

Security leaders face many challenges related to IoT security. Discussions tend to focus on technologies, products and solutions. There are other important factors to consider, however, such as experience, knowledge sharing and business networks. IoT is not a new concept, but it is gathering more traction as the number of connected devices rises dramatically. Still, the risks related to these devices are not yet well understood.

These challenges are not at all unique. There is a lot to be learned, in fact, from existing security services and technologies, such as endpoint protection. As enterprises expand into the IoT domain, many will choose to adopt secure IoT platforms.

IoT Security in Numbers

The IoT Security Foundation (IoTSF) is a nonprofit organization dedicated to driving security excellence. The group includes over 65 member companies ranging from research institutes and universities to IoT startups and global corporations. IBM is one of those members, investing to infuse security knowledge and build a community around IoT security. IBM also participated in the development of an IoT security framework for industrial use as part of the Industrial Internet Consortium.

IoTSF members defined the scope and focus of working groups to shape the agenda and recommendations around IoT security. Industries and companies within the IoTSF actively collaborate to establish and uphold security principles. Membership and participation in the IoTSF enables organizations to become thought leaders in the IoT security space. It echoes values of openness, community, collaboration and standards to better serve enterprises adopting and developing IoT solutions.

Five Working Groups

IoTSF has an evolving agenda. The group is working on developing security strategies for consumer devices and solutions, which is the most valuable product segment in the IoT market. As such, the IoTSF defined five working groups built around that segment of IoT marketplace opportunities.

A recent plenary session focused on updating the five working groups and organizing the IoTSF Conference in December 2016. The five working groups are defined as follows, according to the IoTSF website:

  1. Self-Certification Scheme;
  2. Connected Consumer Products;
  3. Security Patching and Updating of Constrained Products;
  4. Framework for Disclosure; and
  5. IoT Security Landscape.

The working groups interlock to ensure that their missions are not carried out in silos. This also allows the teams to collaborate to reuse and interweave efforts. They strive to ensure that the strategies developed are useful, accessible and easy to adopt. Many of these artifacts are intended for public release ahead of the IoTSF Conference.

IoTSF Conference 2016

Following the success of last year’s conference, the main theme this year is convergence and holistic security. The IoTSF intends to promote the supply chain of trust and a duty of care for customers. In addition, the conference will highlight the fact that while information security is not new, the IoT is an uncharted frontier.

IoTSF held its inaugural conference on Dec. 1, 2015, at the Royal Society in London. Approximately 200 professionals gathered from across the globe, including representatives from government agencies, automotive manufacturers, defense contractors, buildings consultants, platform providers, IT services, telecommunication companies and venture capitalists. The conference offered case studies of cybercriminals compromising connected cars, wearables and medical devices. It examined the threats to companies and consumers, and asked participants to consider how to better defend against those threats.

Last year’s event included a presentation by one of IBM’s IoT security engineers. IoTSF is looking to build on the popularity of that event by incorporating the outputs of its working groups and offering tracks for both mid- and senior-level managers. There are also more technical details for practitioners.

As more devices come online, enterprises need to address the security implications. Consider what an IT professional could learn and share about IoT security by working with like-minded people.
