IoT Cybersecurity – CyberNews – IoT Devices are Gateways for a Cyber Breach
Below is an excerpt from an interview by CyberNews with Veridify Security CEO Louis Parks related to IoT Cybersecurity.
Because of the pandemic and the rapid digital transformation, IoT devices were left forgotten, becoming common targets for cyber felons as well.
Small IoT devices and connected building systems can introduce unseen security issues. Consequently, many businesses are unaware of possible data breaches and cannot correctly manage the system. This can result in major financial losses, reputational damage, and other issues.
To find out measures that are essential to maintain the most efficient IoT devices and connected building systems, Cybernews interviewed Louis Parks, the CEO of Veridify Security – a company that specializes in IoT security.
How did Veridify evolve since its launch in 2004?
Since our launch, Veridify Security has been focused on developing asymmetric cryptography algorithms and tools for low resource microcontrollers. In 2019, the company began to focus on addressing the difficulty in securely deploying and managing low-resource devices with a focus on Smart Buildings and Industrial IoT applications.
Can you introduce us to your IoT cybersecurity solutions? What are their key features?
Veridify provides an end-to-end software solution for IoT cybersecurity that includes secure supply chain and credential management, in-field provisioning, secure firmware updates, and ongoing real-time protection from cyberattacks. Our core product is DOME™ which consists of several components and delivers a Zero Trust solution to devices at the edge of an Operational Technology (OT) network. Our solution includes DOME Server for SaaS-based credential management and security dashboard, DOME Interface Appliance to provide local device management and provide a single point of cloud access, DOME Client, which embeds into OEM devices for security, and DOME Sentry, which provides security for existing devices.
You describe your tools as quantum-resistant. What are the most concerning threats surrounding quantum technology?
Today’s encryption technology is secure against existing computing technology. However, the advancement of quantum computing will enable at least two known attacks to run and overcome today’s legacy methods like ECC and RSA. There will be billions of devices deployed that will be broken or rendered insecure by attacks driven by quantum computers even with larger key sizes and signatures. As it relates to operational technology (OT), such as building automation systems, these systems will either have to be secured by quantum-resistant methods or be increasingly exposed to quantum-based cyberattacks leveraging Shor’s and Grover’s methods. These attacks can disrupt building operations, create safety issues, and result in financial loss and liability.
How did the pandemic affect the IoT scene? Have you noticed any new security issues arise as a result?
The pandemic dispersed millions of people to their home offices for remote work, leaving many IoT devices forgotten or physically inaccessible for almost two years. In addition, many of these devices have not received firmware upgrades or been checked for suspicious behavior.
In your opinion, why do certain companies struggle with securing their IoT devices?
Many companies do not know about the security issues of their IoT devices or how a seemingly simple device can be used as a gateway for a serious cyber breach. The well-known Las Vegas casino hack using a fish tank thermometer is a textbook case.
Additionally, what are some of the best practices organizations should follow when it comes to IoT security?
Some best practices for IoT cybersecurity include:
- Password management
- Secure firmware updates
- Zero Trust environment
- Device-level security
- Strong Public Key methods
In this age of ever-evolving technology, what do you think are the key security measures everyone should implement on their devices?
Many things can be done to improve security posture, including basic things such as password management. Veridify is focused on securing device-to-device applications where no human may interact with the system. Our methods are aimed at stopping cyberattacks from impacting operations. This includes creating a Zero Trust environment in which all devices need to be authenticated and all network traffic is secured and encrypted, as well as firmware updates and providing a secure boot for all devices.
Would you like to share what’s next for Veridify?
Veridify looks to expand DOME and its ability to provide strong future-proof protection to cyber-physical systems in a range of market sectors. Many solutions in the cybersecurity market today provide monitoring, visibility, and alert solutions but do not protect a system. We will be focusing on making the market aware of our real-time protection capabilities – and this will include increasing our base of strategic partners and systems integrators to better serve the market.
Link to full article.