{"id":13161,"date":"2018-08-22T06:00:04","date_gmt":"2018-08-22T14:00:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/08\/22\/news-6928\/"},"modified":"2018-08-22T06:00:04","modified_gmt":"2018-08-22T14:00:04","slug":"news-6928","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/08\/22\/news-6928\/","title":{"rendered":"Back to Basics: Why We Need to Encourage More Secure IoT Development"},"content":{"rendered":"

Credit to Author: Mike Gibson| Date: Wed, 22 Aug 2018 12:05:33 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The Internet of Things (IoT) is radically reshaping the way we live and work. Before our very eyes, organizations are becoming more agile, efficient and cost effective to run, all while consumers marvel at the wonders of the smart home, fitness trackers and connected cars. There\u2019s just one major problem: Much of this new infrastructure is wide open to attack and abuse. Securing it will take a major multi-layered effort involving all ecosystem stakeholders.<\/p>\n

But it starts with manufacturing the products themselves.<\/p>\n

That\u2019s why we recently launched a new program designed to tap our industry-leading expertise in vulnerability research to help IoT manufacturers tackle security threats from step one.<\/p>\n

Threats are everywhere<\/strong><\/h3>\n

IoT security issues first broke into the users\u2019 awareness with the Mirai botnet of 2016. Attackers easily took control of tens of thousands of devices by scanning for and logging-in with the factory default credentials. The resulting botnet was used to launch some of the biggest Distributed Denial of Service (DDoS) attacks ever seen, one of which temporarily took out<\/a> some of the biggest names on the web. The threat of compromise still persists, with the FBI recently releasing an alert<\/a> warning of threats to routers, wireless radios, Raspberry Pis, IP cameras, DVRs, NAS devices and even smart garage door openers.<\/p>\n

The FBI findings show such devices could be recruited into botnets used to power credential stuffing attacks, click fraud, spam campaigns and more \u2014 as well as being used to help obfuscate the source of malicious traffic. But there are even more threats facing the corporate sphere: Insecure endpoints could be used to infiltrate enterprise networks in data stealing raids or sabotaged to disrupt business processes and factory output.<\/p>\n

Normally, when we discover vulnerabilities in products, we advise organizations to patch. But with IoT devices this becomes more problematic. Your typical IoT manufacturer may not be a specialist in software development, so it may not even have a software update mechanism in place. Even if patches can be issued, they may be difficult for end users to apply. This is especially true of large organizations that may be running thousands of IoT endpoints, potentially in mission critical environments that can\u2019t be switched off. Many more may be running without the knowledge of IT, if business owners have bought them for specific tasks.<\/p>\n

The Trend Micro Research difference<\/strong><\/h3>\n

In cybersecurity, there\u2019s a well understood rule: It\u2019s cheaper and more effective to fix a problem in the development phase than after it has left the factory. Nowhere is this truer than in IoT, where devices may never be secured once they leave the production line.<\/p>\n

That\u2019s why we invite IoT manufacturers to rely on the expertise and experience of Trend Micro Research and the Zero Day Initiative (ZDI). The ZDI<\/a> has been improving security for 13 years, and today runs the world\u2019s biggest vendor-agnostic bug bounty program, featuring more than 3,500 external researchers contributing to the program. The ZDI offers vendors guidance and best practices in terms of developing vulnerability disclosure processes and patching software flaws. After all, there\u2019s no point in collecting bugs without a clear plan to fix them.<\/p>\n

Beyond the ZDI, we invite IoT makers to send us their products for testing by other experts within Trend Micro Research, ramping up security even further. This way we can help evaluate an IoT vendors\u2019 products to identify potential vulnerabilities before they go to market.<\/p>\n

It\u2019s just one small step in what needs to be a universal effort involving the security industry, manufacturers, telco operators, developers, standards bodies and even lawmakers. However, it\u2019s vital to get the basics right first by encouraging the production of resilient, security-minded products.<\/p>\n

So, if you\u2019re a device manufacturer looking to differentiate on security in an increasingly competitive market, get in touch today to see how Trend Micro can help.<\/em><\/p>\n

The post Back to Basics: Why We Need to Encourage More Secure IoT Development<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Mike Gibson| Date: Wed, 22 Aug 2018 12:05:33 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The Internet of Things (IoT) is radically reshaping the way we live and work. Before our very eyes, organizations are becoming more agile, efficient and cost effective to run, all while consumers marvel at the wonders of the smart home, fitness trackers and connected cars. There\u2019s just one major problem: Much of this new infrastructure…<\/p>\n

The post Back to Basics: Why We Need to Encourage More Secure IoT Development<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[11512,10514,6269,19277,714,10415],"class_list":["post-13161","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-bug-bounty","tag-ddos","tag-internet-of-things","tag-internet-of-things-iot","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13161"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13161\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13161"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}