Chase Cunningham, Cynja: IoT security isn’t really even a thought right now.
What we are seeing is the emergence of the “next” Internet. With new protocols, communication mediums and applications but no consideration for security. Sadly, we are seeing kids become the first vic-tims of IoT exploits. In the past few weeks, we’ve learned that Barbie isn’t just a pla-stic doll with a house of your dreams any-more. Instead, she’s a vector of attack that hits kids right in their own home. And parents who gave their child a Kidizoom world of IoT and build systems that allow families to better control their family’s data, allow parents to see what data IoT devices are collecting and alert them when those data are stolen. What we’ve learned this year is when it comes to IoT toys, trusting a company's "reasonable measures" isn't enough. As a dad, I’m do-ing somethdo-ing about this and builddo-ing better protocols for kids’ digital lives. They deserve better than what we’re using to-day.
Leon Kuperman, Zenedge: Yes, companies like CUJO are making waves by protecting both IoT and mobile devices on home and SMB networks.
Wade Johansen, CouriTech LLC: Security is already paramount, but it will not grow as quickly as IoT itself. Products often are rushed to market just to get brand reco-gnition, this often means security is left behind. In this case, you’ll see security follow after breaches, etc., and when it becomes a regulation concern. For a whi-le, though, it will be the wild-wild west, just like the early dot-com days.
BroadTech Security Team: Definitely, we will have to wait because as I said earlier, many new startup vendors have no idea what it is. Wait, even Lockheed Martin could not figure it out while making $37 billion fleet of littoral combat ships for US Navy. Those new to IoT especially would need some time to figure it out :-).
Gerald Peng, Mocato: I am an optimist, and with IoT developing so quickly, I be-lieve that consumers and corporations will drive the need for increased security options and tools.
Ondrej Krehel, LIFARS: It’ll take time. Once the first major breach happens, it’ll explo-de.
Michael A. Goedeker, Auxilium Cyber Se-curity: We have to see security for IoT. We have answered that call by discussing exi-sting hacks today, at Davos and any other conference we are invited to speak at.
Waiting for security and processes, proce-dures to catch up to new tech is the same issue as previously, only now we are invi-ting attacks into our homes and family members. This is a totally new ball-game.
Mitchell Bezzina, Guidance Software: So-me vendors are already making claims to be able to help with IoT security, but they have the advantage of being first-to-market and attempting to define IoT secu-rity based on what they have to offer.
While more robust tools and technologies evolve to meet the challenge, the majority of IoT security efforts in 2016 are likely to revolve around testing, testing, and more testing. Take a look at Intel/McAfee for the current leaders in IoT security thought -leadership.
Wade Lovell, Simpatic: Fortunately, secu-rity will emerge alongside new IoT solu-tions and offerings. No manufacturer wants to be in the news as the attack vec-tor allowing the theft of confidential infor-mation or images.
Elizabeth Houser, Praesidio: Both. First-attempt security for the IoT will emerge along with new IoT solutions, otherwise manufacturers won’t gain confidence and purchases from consumers. There will, of course, be vulnerabilities discovered and privacy mishaps, most likely on a large scale in some cases, and security stan-dards will have to adapt accordingly as the IoT expands and evolves.
Alina Stancu, Titania: It is predicted that over 200 billion devices will be connected by 2020. This sheer explosion of devices attached to the network will lead to an increased threat surface. Security monito-ring will become essential and solutions will have to adapt at managing the num-bers. The silver lining is that IoT is still at a young stage and it appeared in a context frame-work will be safer by default.
I NTERNET OF THINGS
Will we see the security for IoT emerging
along new IoT solutions, or will we have to wait?
David Clarke, VCiso: IoT will move from becoming unsafe to manageable security, the technology is there already.
The industry needs to learn from its mista-kes as it builds devices that connect via the Internet. Best practices security, such as using secure protocols for communica-tion or installing the latest updates, fixes and patches, are the starting point. In-novators must consider that future securi-ty will be managed automatically by the system instead of users, and designing secure technology will require a new approach and mind-set.
David Coallier, Barricade: Most definitely.
The SaaS tech-model wherein a platform that processes large amounts of data to come up with decisions will start emer-ging.
Irfan Shakeel, EH Academy: We will not have to wait; we will see the direct impact in the year 2016. We will see the research papers, findings /solutions, products to secure the IoT. It will change the business dynamics and the education as well.
Andrew Bagrin, My Digital Shield: Usually we have to wait because we need to know what it is we are securing and what the vulnerabilities are.
Stephan Conradin: We have to wait. Too many devices exist with poor security or no security at all. It’s impossible to change all devices and components very fast. Re-member migration from IPv4 to IPv6, not months or years, but decades.
Kenneth C. Citarella, Guidepost Solutions:
We must include new security with new developments. Waiting is too great of a risk.
Amber Schroader, Paraben Corporation:
We, as an organization, have been focu-sing on it for over a year now and will con-tinue to do so. IoT is here to stay and will only grow in popularity and connectivity which causes each individual's digital fin-gerprint to grow. There is also a great deal of interest from governments to safe-guard new connections and warn business and home users of the increased risks that arrive with connecting new devices.
Roberto Langdon, Nicolas Orlandini, KPMG: Again, Security Awareness is a must.
I NTERNET OF THINGS
Will we see the security for IoT emerging
along new IoT solutions, or will we have to wait?
W HO IS
WHO
Kenneth Citarella Guidepost Solutions Senior Managing Director
Kenneth Citarella is a se-nior managing director for the Investigations and Cyber Forensics practice.
He joined Guidepost So-lutions in 2010 as a pro-ject manager to investi-gate fraudulent claims for the Gulf Coast Claims Facility in its administra-tion of the $20 billion BP compensation fund. In that capacity, Mr. Citarel-la supervised 300 pro-fessionals, including more than 200 field investigators.
Nearly 18,000 claims were referred for investigation;
many involved the financial analysis of a claimant’s bu-siness operations, including numerous construction-related entities. The project team wrote thousands of fraud reports which were described by an official of the U.S. Department of Justice as the finest body of investi-gative work he had ever seen.
David Clarke
David has experience across Finance, Telecoms, Public Sector including develo-ping CERT on a Financial Intranet trading $3.5 Trillion a day , Managed Security Services with a $400 million dollar Global install base, including Leading edge Product Selection ,implementation and architecture. In these sectors David has built Secure operations capabilities often from scratch, developed full Cy-ber incident response expertise , created , maintained and improved regulato-Amber Schroader
Paraben Corporation CEO & Founder
Throughout the past two decades Ms Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, com-puter hard drives, email, and live monitoring servi-ces. Ms. Schroader has taught and designed the established protocols for the seizure and processing of digital evidence that have been used by numerous or-ganizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to di-gital forensics” as well as started the momentum and push to the “Forensics of Everything-FoE” with her fo-cus to unique problems in digital evidence and solu-tions.
Michael A. Goedeker, Auxilium Cyber Se-curity: They will become easier and faster to use. There will be more emphasis on the value a tool has to security and where it obtains that information from.
Shay Zandani, Cytegic: The main evolve-ment will be in the cybersecurity manage-ment solutions field, due to the fact that already CISOs and other security person-nel are overwhelmed with the abundance of defenses, policies and procedures, and they must have a management system that they can use as a vehicle to streamli-ne and update operations and policies.
Andrew Bagrin, My Digital Shield: I believe endpoint will become less effective and will eventually go away.
Dennis Chow, Millar, Inc: We will probably see more advancements in prediction vs.
detection based tools with the addition of complementing tools that augment exi-sting gaps in things like access control, social engineering attack detection, and of course, more 0-day detection.
Ondrej Krehel, LIFARS: They will try to ma-ke things easier, adding more usability for untrained staff.
David Coallier, Barricade: Businesses de-serve security that isn't adversarial, com-plicated and confusing. The job of a secu-rity professional shouldn't be to stare at a screen all day but rather promote and encourage good security procedures and behaviour across the organisation. Both emerging and new tools are helping in solving that problem.
Wade Johansen, CouriTech LLC: More will focus on geographical information and isolation as well as virtual distribution mo-dels.
Julie Herold, Kenny Herold, Odin’s Eye:
Increased reliance on existing automated tools to help companies achieve com-pliance to avoid financial penalties and less investment and focus on manual as-sessments. As a result, automated tools that typically scratched the surface will mature as the compliance and regulatory demands increase. The increase in de-mand will force vendors coding tools to be more and more sophisticated and ac-curate and easier for anyone to utilize.
Stephan Conradin: No real changes as tools are not designed with security at the design. We’ll have nicer interfaces and still 50 security patches per year.