How the diversified IoT devices comply with cybersecurity regulations？
Publication Date: 2020 / 03 / 30
Original Source: https://www.onwardsecurity.com/laboratory/item/18
Coming to 2020, the development of Artificial intelligence (AI) and 5G is still in full swing. At the same time that 5G is entering the commercial phase, the development of Internet of Things (IoT) with the strength of the hardware industry has also become more vigorous. With the popularity of IoT, the cybersecurity threats of edge devices have increased. There are more and more security attacks trying to invade IoT devices, and then entering the core network to steal information and to commit fraud or other illegal acts.
However, the current pain point of IoT cybersecurity is that not only the related devices are varied, but the components in each device are also very diverse. This situation hindered IoT from having a single specification limit. In particular, the current global security regulations on IoT are very scarce. The lack of established regulations that can be followed makes it difficult for manufacturers to configure security protection mechanisms for the products they produce.
Since its establishment in 2014, Onward Security as a cybersecurity provider has been deeply involved in the IoT-related security fields. One of its main businesses is to prepare security solutions for IoT products produced by customers. Morgan Hung, General Manager of Onward Security said that currently IoT security has no international standards yet, so IoT products can only be regulated according to the IoT application industry and the regulations of the country or region where the product is to be exported. Besides, he also said that really needs a set of its own security standards. In addition to providing norms, manufacturers can also add value to their products because of improved security.
In the meanwhile, Morgan Hung pointed out that manufacturers may have cyber security awareness, but most of them do not know where to start working on it. Therefore, under the trend of increasing attention to cybersecurity, equipment manufacturers should take the long view and seek assistance as soon as possible so as to add value to their products by security protection measures.
Moreover, enterprises are increasing emphasis on DevOps practices to achieve the goal of sustainable development. In other words, it is to build a bridge between the development team and the IT operations team, adding automated processes and smooth communication to maintain the product life cycle. However, Morgan Hung indicated that security also plays a vital role under this trend, but it was ignored by enterprises. Therefore, adding security to DevOps becomes a new concept called “DevSecOps”.
Compared to DevOps, DevSecOps has a layer of security checks. Morgan Hung mentioned that in the past, product vulnerabilities could only be discovered after launching on the market, but now security issues can be simultaneously considered during development and design. Based on the DevSecOps principles, the security team can test the security vulnerabilities that may appear in the product during development. And under the communication between departments, the problem can be handed over to the development and operations team for further product adjustment and optimization.
In addition to IoT cybersecurity, Onward Security also provides internal security assessment for enterprises. Morgan Hung mentioned that according to his observations, enterprises were overconfidence and underestimated the cloud security when they are looking for digital transformation and are hoping to upload data to the cloud. As a result, they upload all data directly to the cloud without any protective measure. But in fact, the data security and cloud maintenance are the responsibility of the enterprise. The lack of alertness may cause information security threats.
Regarding the security trends in 2020, Morgan Hung said that the impact of the COVID-19 (New Coronary Pneumonia) epidemic has led to enterprises’ huge demand and use for remote offices such as Virtual Private Network (VPN) and Virtual Desktop Infrastructure (VDI). These applications will also cause an increase in the related security attacks and threats. Furthermore, the ransomware that has plagued enterprises for a long time will still be one of the major security threats this year. Due to the variety of attack methods, raising the security awareness of enterprises’ employees is the only way to reduce the chance of threats.
On the News