IoT Cyber Security with Claudiu Popa (Part 2)

1) How do you stay current on emerging threats?

Security is about doing the right things in layers. As long as your protection is supplemented by additional measures that complement instead of interfere with one another, your business strategy is sound. New threats come with new technologies. Any changes bring about the need for a risk assessment to understand attack vectors that could be exploited. Once understood, it’s a straightforward approach to applying layered safeguards around the new systems and applications to control the risk.

2) What is included in a strong disaster recovery plan?

Disaster recovery planning is about having the foresight to anticipate the impact of different adverse scenarios. The more of these that can be anticipated, the more confidence an organization has of surviving a disruptive interruption to its operations. The key aspects of a strong disaster recovery plan are: a) the planning itself: anticipate adverse events and put controls in place to mitigate the risk; b) test the safeguards: although you cannot easily test for natural disasters and large-scale infections, you can take systems out of commission and measure the time it takes to recover them; c) find bottlenecks and resolve them: see what takes the longest and spend the time and/or money to invest in improved recovery outcomes (for example by using redundancy for critical network devices, hard drive arrays to prevent downtime due to drive failures and DDoS protection to defuse denial of service attacks with the potential to flood the company’s systems).

3) How do we ensure that our software and devices are up to date?

Patch management is a recurring process that depends on an asset inventory and company-wide visibility into devices, systems and applications. All assets must be periodically reviewed and updates must be applied as soon as possible. For critical systems, organizations must first have a plan for testing the updates before risking destabilizing the operational functioning of the organization with what could be a faulty update. It can be tricky, but the alternative could be a data breach occurring due to an unpatched vulnerability lurking on the local network.

4) What authentication methods are used to control access to systems and data?

Most companies use username and password authentication to determine whether to grant access to a user. Unfortunately, these credentials are simply information that can be stolen by an attacker to impersonate a legitimate user. Ideally, the password access methods should be augmented with a second factor, something that the legitimate user has on his or her person to identify them as the account holder. This can be a code on their phone or a hardware token with a code that should expire after a few seconds. The combination of the first factor (password) and second factor makes the job of uniquely identifying a user much more trustworthy and should be used as often as possible.

5) How do we make sure our partners and suppliers protect the information we share with them?

Supply chain security is one of the biggest security challenges of our time. Ensuring that other firms protect data to the same degree starts with policies that should be reviewed for alignment and continues with a third-party risk assessment to ensure that companies do what they say in the policies.