The term Internet of Things (IoT) has almost been beaten to death at this point, as more and more security integrators, manufacturers and customers take advantage of the ability to increase connectivity between devices (and therefore take on the dangers this introduces).

But the methods by which we interact with the IoT and protect its devices are still catching up, which means security manufacturers must take part in shifting their focus toward safeguarding data, engaging in vulnerability testing of products and incorporating stringent protections at every stage of the product development process. One small leak or breach on a single connected device can potentially cause significant damage across an organization

Who Is Responsible For IoT Security?

One small leak or breach on a single connected device can potentially cause significant damage across an organization, creating a disruption within a company, affecting its assets, employees and customers. The continued question seems to be: Who is ultimately responsible for the security of IoT devices?

In a recent survey from Radware, a provider of application delivery and cybersecurity solutions, there was no clear consensus among security executives when asked this question. Thirty-five percent of respondents placed responsibility on the organization managing the network, 34 percent said the manufacturer and 21 percent chose the consumers using the devices as being primarily responsible. 

Several schools of thought Exist For Each:

  • The Organization

It's not surprising that most people see the organization as the main stakeholder for IoT security responsibility; after all, if a company is managing a network, one would expect it to protect the network as well.
One way that the organization can embrace this responsibility is by adopting a user-centric design with scalability, tactical data storage and access with appropriate identification and security features (for example, the use of multilevel authentication through biometrics in access control).
Organizations must also use their IT team to strengthen the overall cybersecurity of the IoT by keeping up with the latest software updates, following proper data safety protocols and practicing vulnerability testing.

  • The Manufacturer

Manufacturers that provide IoT-enabled devices as part of a security system must be fully knowledgeable of the risks involved and effectively communicate them to the integrator or end user.
Providing the education necessary and dedication to protecting users of its equipment makes a manufacturer more trustworthy and understanding in the eyes of an end user. Ensuring encryption between devices is a key step that manufacturers can take to work toward achieving complete protection in the IoT.

  • The User

Despite the protection delivered by the organization and manufacturer, there's always the option for IoT security to be enhanced or possibly even diminished by the individual user. It's critical that best practices for data protection are in place every time an individual uses a device that is connected to the network.
These include disabling default credentials, proper password etiquette, safe sharing of sensitive information and the instinct to avoid any suspicious activity or requests. Manufacturers that provide IoT-enabled devices as part of a security system must be fully knowledgeable of the risks involved

The short answer to the responsibility question is this: everyone. Each sector has a responsibility to contribute to the protections needed for IoT-enabled devices.

However, as a manufacturer, it is imperative that our teams think about each level of protection when developing products for public consumption, including how the organization implements the technology and how the integrator engages in training with users. 

IoT issues caused by organisations
Organizations must also use their IT team to strengthen the overall cybersecurity of the IoT by keeping up with the latest software updates

Manufacturer Vulnerability Testing

One way that manufacturers can implement added protections against outside threats is by boosting their attention to security protocols in the product development stage. For some, this requires a different approach in the design and development of security systems. Identifying vulnerabilities is at the core of this.

A security vulnerability in a product is a pattern of conditions in the design of a system that is unable to prevent an attack, resulting in weaknesses of the system such as mishandling, deleting, altering or extracting data. Increased connectivity makes these vulnerabilities more of a liability, as IP-enabled (or networked) devices are more likely to be breached by outsiders looking to permeate an organization and collect valuable data. 

A security vulberability in a product is a pattern of conditions in the design of a system that is unable to prevent an attack, resulting in weaknesses of the systemWhile some of these hacks are a little more “simple” in nature — such as outsiders trying to guess a password using manufacturer-set passwords — others are more complex, such as a denial-of-service, where attackers attempt to overload the system by flooding the target with excessive demands and preventing legitimate requests from being carried out. This makes it virtually impossible to stop the attack by blocking a single source.  

As a result of these potential threats — and to help manufacturers deliver best-in-class products — it's imperative that vulnerability testing is done throughout a product's development, starting at phase one in the process.

This includes analysis of the type of cyberattacks that can potentially attach, breach and disable a system. Many manufacturers attempt to hack their own products from within the organization — or even go as far as hiring a third-party professional group to do it for them. 

Success In A Volatile Technology Landscape 

This kind of development puts a product through rigorous levels of testing, and once weaknesses are exposed, they can be patched up and the cycle of attack-and-defense can take place until the product is protected fully and ready for market.

Skipping this step in the development process can open manufacturers up to significant liability, so it's important for this testing to take place and corrective actions be taken to rectify gaps in security. The more extensive an organization's security testing approaches are, the better are its chances of succeeding in an increasingly volatile technology landscape. 

But the testing doesn't stop in the development stage. Attacks on a system continue long after the product has been introduced to market, requiring continued updates to be made available in an effort to protect customers. Manufacturers are tasked with implementing further firmware updates to keep a product in the field readily prepared to revoke the latest critical bugs that can affect the market. 

What End Users Demand From Security

We're seeing a significant shift in the education and demand from a customer perspective. In the past, consumers took the advice of integrators and consultants as far as the “right” security systems to install for their needs. Today, the self-education of end users is on the rise as more and more IT departments become involved in the selection and investment of physical access control systems. We're seeing a significant shift in the education and demand from a customer perspective

A larger number of end users are demanding security products that meet IT standards of network protection, and they take these considerations into account when working with integrator partners on the selection of systems to meet their needs.

As a result, manufacturers are tasked with not only developing robust IoT-centric products, but also continuing to be involved on a regular basis in an effort to continuously keep organizations safe. 

A comprehensive security strategy from manufacturers must involve multiple levels of product selection, testing and integration — centered on the team-based approach to implementing training and protocols within an organization.

While manufacturers are stepping up their game in the development of robust products, this remains a team effort that must be addressed every week — not something you implement, then forget about. The safety of data — and the entire organization — depends on it.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Kim Loy Director of Technology and Communications, Vanderbilt Industries

In case you missed it

How ISC West Has Changed The Game In Security Over The Years
How ISC West Has Changed The Game In Security Over The Years

Being in the physical security industry for almost two decades has been an exciting journey, with significant changes that have impacted the world of security. Companies today must be proactive when it comes to securing their facility and are lucky to have so many choices when it comes to security technology. From the beginning, the ISC West show was always at the forefront of new technology and brought together the very best technology and industry professionals in the “City of Lights”. Back in 2001 when I first entered the security world, video surveillance was the key driver, and transitioning from analog cameras to IP video cameras was the talk of the town. In the early 2000s, the ISC West show was filled with video manufacturers showcasing their new IP cameras and the IT folks were just starting to get involved with the security decisions.  Back then the ISC West show consisted of a myriad of video manufacturers exhibiting their camera lines. Where now in 2020 the high-profile enterprise-level camera manufacturers dominate the show floor. Over the last two decades, keeping up with the technology advancements of IP cameras was a difficult feat for most camera manufacturers and the high-profile manufacturers who had the funds to invest in R & D were the only ones that survived. Changing the game in video surveillance and access control  In the early 2000s, the ISC West show was filled with video manufacturers showcasing their new IP cameras Another huge change that our industry has seen over the years was the increase in the number of acquisitions. Smaller security manufacturers started being acquired by the larger ones, which changed the game in video surveillance and access control. In addition to manufacturers, large security integrators like Convergint Technologies & Anixter were also buying smaller commercial integrators and dominating the market. At ISC West today, you will see predominately high profile – big name manufacturers and integrators where the smaller companies were either acquired or went out of business.    Revolutions in the industry The security industry also faced a huge revolution with three major technologies driving growth in the security market – Network-based technologies (IoT enabled solutions), Access Control as a Service (ACaaS) and Mobile Credentials. ISC West saw this evolution coming and created specific educational seminars dedicated to these topics. Another big push that came into play in the last few years was being able to integrate a host of technologies like video and access control by using an open architecture platform. Many partnerships were formed in the security industry due to this massive push for integration. At ISC West, we now see many companies having their partners sharing booth space. This helps reduce costs for exhibitors in addition to giving smaller companies credibility by being recognized with the bigger players in the industry. In addition, ISC West makes it easy for attendees to plan out their show schedule in advance with the mobile app; creating a convenient way to access show information from mobile devices.  From the beginning, the ISC West show was always at the forefront of new technology Emerging excitement  Today, ISC West continues to be an exciting show that is jammed packed with educational sessions, networking events, and new pavilions that help segment the security industry into different sectors. An example of some new technology pavilions includes drones & robotics, loss prevention & supply chains, and emerging tech. All new start-up companies that are 5 years old or less can be part of the emerging tech section of the show. Here entrepreneurs can unveil new and upcoming security technologies; creating a win win situation for any size business looking to make its name known in the industry. New technology, innovations and rising trends Another huge focus at the ISC West show is public safety. A full range of solutions are offered at the Public Safety Pavilion including barriers/bollards/gates/perimeter security, surveillance, access control, and alarms - along with innovative technologies for gunshot and drug detection, license plate recognition, acoustics, facial recognition and AI, connected vehicles, communication systems and devices, alerts and monitoring, and active shooter solutions Today, ISC West continues to be an exciting show that is jammed packed with educational sessions, networking events, and new pavilions and training. Virtual reality demonstrations have also been available at the show to help attendees with preventative measures when it comes to school and public safety. Some new vape and metal detection technology built on the IoT concept will be featured at ISC West 2020 to help combat the vaping epidemic in our country. With active shooter incidents on the rise, metal detection and perimeter protection at schools will be an important part of the show. Awards and showcases When it comes to show press, we have also seen an influx of awards for security manufacturers that are exhibiting at the show. The major security publications have been offering manufacturers the opportunity to submit a product in distinct categories and win a prestigious award at the show. This creates “buzz” about your product and great for social media postings. Live video interviews at an exhibitors’ booth has also become a very popular tool to increase brand awareness and thought leadership for exhibitors. The ISC West show offers numerous ways to drive traffic to your booth and promote new product launches seamlessly. Over the years, the show has created a conduit The ISC West show offers numerous ways to drive traffic to your booth and promote new product launches seamlesslyfor manufactures and integrators to showcase new products and technologies to end users across multiple vertical markets.      At the top of the game  While the security industry continues to evolve, the one thing that stays constant is the wealth of information that ISC West offers to its attendees.  The show always brings together the latest technologies and thought leaders that will continue to change the game in security for years to come.

ISC West 2020's Education Conference Program: What Not To Miss
ISC West 2020's Education Conference Program: What Not To Miss

ISC West has been on a strong momentum path over the last 3 years, and has evolved to a comprehensive and converged security event – covering the spectrum of physical security, public safety, cyber-physical convergence, IoT/connected security, emerging technologies such as AI and Lidar, and advanced detection technology. Its notion of 'comprehensive security for a safer, connected world' encompasses both the integration of key technologies along with the need for cross-functional teams collaboration – and themes of workforce development and diversity in security.  Along with its premier sponsor SIA (Security Industry Association), a highlight of ISC West is the SIA Education @ ISC West conference program. With over 80 sessions (via a paid conference pass) and high-profile keynotes (open to all badge types), the event provides a strong combination of education/training along with a large expo floor (over 300,000 of exhibit space) and a total of 30,000 expected attendees. Here are some examples: Day 1 Keynote: Wednesday, March 18, 8:30-9:30 a.m. Scaling Enterprise Risk Management at the Speed of Global Transportation Charles Burns, head of security – new mobility, Uber, will explain how Uber navigates a challenging landscape by using technology to enable their business, secure company assets and ensure the safety of riders and drivers globally. Day 2 Keynote: Thursday, March 19, 8:30-9:30 a.m. On the Edge of Transformation: Securing a Connected Future With IoTBrought to you by: Amazon Web Services (AWS) Michael MacKenzie, general manager, Amazon IoT Connectivity & Control, AWS, will explain how AWS IoT enables organizations to protect the evolving security-focused Internet of Things ecosystem, built on the rapidly progressing marketplace underscored by the convergence of our digital and physical worlds, in order to secure the connected world of tomorrow. March 18, 2020, 9:45 AM - 10:45 AM "I Dreamed a Dream": Leading in the Smart/Safe/Connected City Revolution: There are millions of devices already deployed in cities across the country and around the world. With billions more coming, those devices have a significant impact on the delivery of a range of services including safety and security. In this session, there will be a discussion of how to form a smart/safe/connected city strike force to create a positive business environment and mitigate public safety threats. March 18, 2020, 9:45 AM - 10:45 AM Security on The Ledge: Transforming Willis Tower, an American Icon: As a DHS SAFETY Act designated site, balancing the demands of the building’s distinction with the competitive leasing market and trends toward open, collaborative workspaces is a challenging feat. This session will explore how the design team weaves physical security and technologies into the renovation, embracing a five-star operational experience in this high-population, high-throughput symbol of Chicago. March 19, 2020, 1:00 PM - 2:00 PM How Robotics Enables Cybersecurity With a Human Touch: Access control is a vital element of any cybersecurity program. It can tell you who has badged into the system, but not who is actually on the premises. By integrating robots into a security team, it can capitalize on robotics technology with a human factor to help security managers know who is in the facility after hours, and to protect an organization from cyber breaches. March 19, 2020, 11:00 AM - 12:00 PM Diversity & Inclusion in the Security Industry – Your Questions Answered!: Do you know the meaning of (and the difference between) “diversity” and “inclusion”? Do you know how diversity and inclusion (D&I) can contribute to your business goals and help achieve competitive advantage? This session will explore the importance of D&I to the success of the security industry now and in the future. March 19, 2020, 3:30 PM - 5:00 PM DHS Town Hall Meeting @ ISC West: Enhancing Security and Doing Business at the Speed of Life: DHS is changing the way they do business in areas of contracting, tech-scouting, and experimentation. They are seeking new ideas and partners to enhance security and accelerate technology solutions. This meeting will explore what DHS is doing to ensure things like passenger checkpoints, cargo container screening, and first responder operations. (note: OPEN TO ALL BADGE TYPES) “SIA and ISC West deliver the most robust and compelling educational programming possible through the SIA Education@ISC West conference program,” said Dr. Elli Voorhees, director of education and training at SIA. “Each year, SIA volunteers review many expert conference proposals to determine the most cutting-edge sessions and topics that will drive success for the industry.”   See the full list of education sessions.

An Insight Into 2020's Upcoming ISC West Events And Attendees
An Insight Into 2020's Upcoming ISC West Events And Attendees

ISC West attendees include physical and IT security professionals; dealers, installers, integrators, end-users (from various vertical markets), law enforcement/government officials, consultants, specifiers, architects, engineers, consultants, and more. Within the ISC brand, we are continuing to diversify and grow the number of attendees by attracting international visitors, as well as encouraging physical and IT/IoT teams to visit the show together.   Our VIP program, branded the ISC Executives' Club® program, attracts the highest level attendees who have buying power for their organization. Members include: high level end-users from government, education, healthcare, retail, casino gaming (and other verticals), national integrators (along with their End User customers), specifying security consultants, and independent dealers/installers with open projects and decision-making power. Some examples of Executive Club clients attending this year's event are the Department of Homeland Security, Apple, Google, San Francisco 49’ers, Sephora, AirBnB, and United Airlines, just to name a few. “We are so honored to have such dedicated and influential customers in our Executives’ Club program. They are among the top thought leaders of the physical/IT security industry, and we are truly grateful for their loyalty to our event brand”, said Sharon Kelley, ISC Attendee Relations Manager. The show floor The show floor has six featured areas to mirror the evolution of the converged security industry. The areas include: Public Safety, Smart Home, Connected Security, Emerging Tech, Drones & Robotics, and (new for this year) Loss Prevention & Supply Chain. The Emerging Tech and Loss Prevention & Supply Chain areas will be located in the Venetian Ballroom, along with the International VIP attendee lounge, and Venetian Ballroom Theatre, which will feature complimentary Drone & Robotics and Loss Prevention education sessions, along with the Mission 500 5k run/2k walk awards ceremony. At the show, you’ll see a new ISC re-brand that has created more identifiable segments and will assist with easier show floor navigations for attendees.The ISC Executives' Club® program attracts the highest level attendees There is never a shortage of special events at ISC West. Below are a few you won't want to miss: Charity Events (AIREF Golf Classic, Mission 500 5k run/2k walk) Awards Ceremonies (Sammy Awards, New Product Showcase Awards) Industry parties (SIA Market Leaders Reception, ISC West Customer Appreciation Party at TAO). These events are designed to enable attendees and exhibitors network with peers and forge new connections. Visit the ISC website for a list of all our Special Events taking place. Women in security SIA Women in Security Forum is thrilled to be hosting the second annual breakfast at ISC West In addition, the SIA Women in Security Forum is thrilled to be hosting the second annual breakfast at ISC West. “It’s great to see the security industry embrace this initiative and we hope signature events like this will continue to raise awareness of the importance of gender diversity as a competitive differentiator” states Kim Landgraf, SIA Liaison for the Women in Security Forum. This year’s breakfast will feature keynote speaker, Jaime Paris Boisvert, GM for Siemens Smart City Infrastructure.  Jaime will share her insights on leading strategy, sales, and operations whilst working closely with clients to deliver solutions that optimize buildings and infrastructure by improving energy efficiency, comfort, safety, and security. Looking beyond ISC West this March, the ISC Security Events portfolio for 2020 also includes the Expo Seguridad event in Mexico City in April, ISC Brazil in Sao Paulo in June, and ISC East in New York City in November (co-located with Infosecurity North America).