Many IT security professionals are concerned about IoT security breaches and with good reason. Wearable devices in particular pose a big security risk. Many industry professionals believe IoT security breaches are difficult to prevent. However, according to the Online Trust Alliance, while security issues exist with IoT devices, the problem is not insurmountable. In fact, the majority of IoT breaches could have been prevented.
The problem is not the devices themselves, but poor security policies at many organizations. The Online Trust Alliance says IoT security breaches can be prevented with traditional strategies. However, doing nothing to prevent breaches is not an option.
As OTA President and Executive Director Craig Spiezle explains, “If businesses do not make a systemic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”
The Online Trust Alliance has been working on developing an IoT Framework to help organizations protect IoT devices. OTA has analyzed whether using the Framework would have resulted in IoT security breaches being prevented. OTA determined that it the majority of cases data breaches could have been prevented.
In most cases, security breaches were actually the result of poor security policies. Organizations employed poor credential management policies and failed to perform security testing. There was also a distinct lack of planning for addressing security vulnerabilities with IoT devices. Unfortunately, many manufacturers of the devices are in too much of a rush to bring new products to market and are failing to address privacy and security issues.
“Security starts from product development through launch and beyond, but during our observations we found that an alarming number of IoT devices failed to anticipate the need of ongoing product support,” says Spiezle.
The OTA Framework includes 31 principles for addressing privacy, security, and sustainability of IoT devices. By adopting the Online Trust Alliance’s IoT Framework it is possible to prevent the majority of IoT data breaches.