ITSPmagazine chats with Ted Harrington, Executive Partner, Independent Security Evaluators. Here are some of the highlights from the in-depth conversation:
- Independent Security Evaluators focus on IoT centered around trying to understand the various trends and security vulnerabilities that exist in the multitude of connected devices. The team then tries to articulate solutions to any adversarial challenges uncovered.
- Ted's basic definition of IoT is it is comprised of devices that are connected to the Internet. From a security standpoint, it effectively introduces vast new attack surfaces and new ways that attackers could violate the host environment.
- No matter what IoT devices anyone may be talking about, they all have implications well beyond what appears on the surface.
- Today the modern adversary uses whats called a stepping stone attack, where they will attack a lesser sophisticated part of the chain, compromise that part to then pivot the attack to get to the ultimate target victim.
- For the average consumer, Ted recommends trying to reduce the attack surface. You should think about whether or not you need all the connectivity before you start plugging things in an expanding it. His biggest recommendation would be to change the default password right away for any and all devices connected to the network.
- Security is a tremendous differentiator and a huge market opportunity for manufacturers of connected devices. To be able to differentiate on security alone is something consumers should (and soon will) want; they just don't know how to articulate it. The manufacturer should deliver the security "features" clearly such that the consumer can understand the reality of the capabilities; savvy consumers will more than likely pay a premium for better security.
- Ted is not a proponent of regulation as a security measure. Ted sees it fail time and time again because it is usually out of date and the adversary has already evolved.
Ted Harrington, Executive Partner, Independent Security Evaluators