› Forums › Security › Discussions (Security) › IoT Security Lessons From Recent Projects
Tagged: Governance_G12, Security_S12, Tips_G9
- This topic has 1 voice and 0 replies.
-
AuthorPosts
-
-
December 12, 2018 at 8:00 pm #27281
#Discussion(Security) [ via IoTForIndiaGroup ]
We don’t have to look too deeply to find practical ways to protect IoT operations. In this post, we will cover three common issues facing IoT projects and best practices to resolve.
Lesson A – Message metadata can be leveraged to secure dispersed data distribution
Lesson B – Legacy control equipment will often be the “weakest link”
Lesson C – Vendor “fine print” may create data leakage leading to increased risk
Again, George Cora has an example of a recent “ fine print” example:
“A well-known IoT company has a legal disclaimer with their products that states that their cloud ‘gathers information from users, which may be comprised of … personally identifiable information’. It then goes on to say that ‘We do not consider the name, title, business address email or telephone number of an organization and/or employee of an organization …’ to be ‘… personally identifiable information …’. This is a case in point to look very clearly at the legal disclaimer. Some businesses will collect your or your client’s information and sell it or use it as they see fit. That is their business plan, and it is up to you to check because if the release of user information is specific enough, this can in turn, disclose information on the users of the particular IoT network. Potential intruders of the IoT network will now have specific user information to leverage through social engineering attacks. The end result is a risk increase to the IoT network.”
-
-
AuthorPosts
- You must be logged in to reply to this topic.