Principles of IoT Security
Stephanie Sabatini, Cyber Security Professional
Agenda
Over the next 20 minutes we’ll discuss the following:
The Fear
• Be afraid (very afraid)
The Challenge
• IoT Security isn’t easy
The Solution
• Don’t be a statistic
The Fear
IoT Security – The Fear
• Baby monitors
• Thermostats
• Cars
• Medical devices
• Children’s toys
• Toasters
• Locks
• ETC…
IoT Security – The Fear
Gartner predicts 26 billion IoT devices by 2020
• Revenue exceeding $300 billion in 2020
• $1.9 Trillion in global economic impact
The financially motivated attacker has 26 billion targets and 300 billion reasons.
The Challenge
IoT Security – The Challenge
The top 10 security challenges with IoT:
1. Insecure Web Interface
2. Insufficient Authentication / Authorization
3. Insecure Network Services
4. Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software / Firmware
10. Poor Physical Security
IoT Security – The Challenge
Many IoT producers aren’t as committed to security as a major tech company would be. Toy companies, for example – internet-connected toys made by Mattel Inc. (Fisher-Price brand) have been hacked, revealing names, ages and geographical location of children. They specialize in making toys – not security.
These ‘things’ live differently than traditional internet-connected devices. Many attacks that we have seen so far exploit these differences.
The challenge is applying security controls on non-traditional devices. The principle is the same, but the control itself needs to be adapted (or innovated) to fit the security gap.
Network + Application + Mobile + Cloud = IoT
The Solution
IoT Security – The Solution
Security by design and a defense in depth approach will consider security from the design phase to the end-of-life and destruction of information phase.
Defense in depth layers (diagram):
• Perimeter
• Network
• Host
• Application
• Data
IoT Security – The Solution
A holistic approach needs to be built in – not bolted on
• The device (end point security)
• The cloud
• The mobile application
• The network interfaces
• Encryption
• Authentication
• Patching
• Physical security
• Data Destruction
IoT Security – The Solution
• Developers – build components securely using secure development methodologies and perform static code analysis.
• Infrastructure Support – build infrastructure with secure end points, detective and preventative controls.
• Testers – include all attack vectors in testing methodologies.
• Manufacturers – Due diligence! Check, test, audit – make sure that you are manufacturing a secure product by bringing experts to the table. Plan for sufficient budgets.
• Consumers – change passwords regularly, use encryption – use the technology safely.
The Conclusion
IoT Security – The Conclusion
• DO NOT TRY THIS AT HOME!
• Experts! Call the experts!
• Expert solutions can’t be matched by homegrown solutions.
• DON’T PANIC
• Defense in depth
• Innovate!
Stephanie Sabatini
Cyber Security Professional & Strategist
Stephanie@sabatiniconsulting.com
514-895-8635


Editor's Notes

  • #9: IoT devices are often sold or transferred during their lifespan; they are connected for longer periods of time; and they do not follow a traditional 1-to-1 model of users to applications.