The Internet of Things (IoT) is an exciting and innovative technology that can help businesses discover new growth areas and income streams. With all this innovation to differentiate in industry verticals and challenge traditional operating models, it’s easy to overlook IoT security, both in terms of its uniqueness and its importance.

What Is Different About IoT Security?

The IoT is the application of multiple technologies, and people fail when they try to protect it as a single technology. It is critical to understand the unique challenges it introduces, such as the fact that connected devices are likely to be out in the wild and attacks against them might have physical consequences.

The variety and volume of IoT devices are also important considerations. Gartner predicted that the number of IoT devices will reach more than 20 billion in 2020. However, there is no standardized IoT device footprint.

With all these nuances and the expectations of big business to reap great rewards from the IoT, the importance of security is clear. In the bid to create differentiating business models and gain a competitive advantage, businesses must secure their IoT investments.

Is Security a Barrier to IoT Adoption?

According to a Forrester report, 54 percent of IT decision-makers are concerned about IoT security risks. That’s why businesses need a trusted and secure IoT platform and regular access to security testing expertise at every stage of solution development, from design to operation.

The IBM Watson IoT Platform is recognized as an industry leader for multilayered security, and IBM X-Force Red has a global team of experts who can deliver tailored testing for IoT solutions. The secure, cloud-based Watson IoT Platform has been audited for compliance with ISO 27001, a security standard developed by the International Organization for Standardization (ISO). The platform also offers advanced threat intelligence to help customers visualize critical risks in the IoT landscape and create policy-driven automation to prioritize operational responses to security incidents.

IBM has already demonstrated the value of the Watson IoT Platform to companies such as Schaeffler, an auto manufacturer that is using Watson to accelerate its digital transformation.

Understanding the IoT Solution Stack

The IoT solution stack stretches from the chip to the cloud, and incorporates hardware, network and applications. Each layer of the solution stack is important in relation to security. However, it is necessary to underline the human element across the entire IoT solution. There are likely to be multiple stakeholders at each layer, so there is a critical requirement to secure them all.

Taking all these factors into account, it is crucial to partner with a trusted vendor that has a track record of helping enterprises securely transform their businesses. With the multiple layers in the IoT solution stack, it is important to test discrete parts, including hardware, communications and applications. The value that the IoT brings to business is centered around how all these discrete technologies and components work together.

When building an IoT solution, it is critical to test the overall program and understand how it is integrated. Once the component parts have been combined, solution testing should be carried out at regular intervals during design, development and operation.

With its vibrant ecosystem, in-house expertise, global reach, and depth and breadth of security products, services and professionals, IBM is uniquely positioned to offer advice and protection across the entire IoT solution stack.

Turning the Tables With Access to Expert Security Testers

Some companies might rely on automated testing, but these tools and scanners offer only part of the coverage you need. To get a complete picture, an expert human tester must probe the parts of the system that scanners can’t reach or that you haven’t thought of.

The X-Force Red team is made up of security testers who have decades of experience. They can link disparate events and read between the lines to distill complex information into understandable and actionable intelligence.

The other challenge is that your IoT solution likely includes hardware, software, infrastructure and communications that are provided by third parties. How can you be sure these components have been tested to the right levels? The X-Force Red team can provide a tailored security testing engagement that aligns to your IoT project. With each customer engagement, the team becomes even more experienced, learning the latest vulnerabilities and cybercriminal techniques to find uncommon exposures in your solution.

Your pioneering IoT project is supposed to be an emerging line of business and source of revenue for your enterprise, not a security exposure that might tarnish your brand reputation. It is better to leverage the X-Force Red team’s insider knowledge to generate an effective incident response plan than to wait and hope for the best. The team uses industry standards and custom-built tools to address the context of how you are deploying each discrete piece of technology across the entire IoT solution stack.

Adapting to Change

The need to secure computing systems will always evolve, and IoT solutions are not immune to this requirement. As you get more and more feedback from customers, your use cases will also evolve, and so will your plans and architecture.

To interactively adapt your IoT solution and remain competitive in the marketplace, you will need to build security into your solution. Access to on-demand expertise via the X-Force Red team will enable you to apply security testing as your project plans change.

Gaps — even serious and important ones — are usually cheaper to fix when you are designing and scaling out your solution in preproduction systems. The testing expertise of X-Force Red can help identify these gaps and fix them sooner rather than later. These experts provide responsive and proactive analysis of the issues in your solution as they are discovered. The Red Portal securely delivers test progress and results as the team finds them, allowing clients to respond sooner.

Start exploring the IBM Watson IoT Platform today with a free trial.
