“When will organizations start to get serious about IoT security projects?”
When the increasing number of attacks leverage the scale that IoT enables to compromise high-value targets, “that’s when we’ll see a wake-up call in the industry,” Pradeep said. He likened that wake-up call to what the retail industry experienced when hackers gained access to Target’s database and stole customer data via credentials lifted from a third-party vendor.
As evidence that businesses still haven’t “woken up” to the risks of IoT security, when asked how many in the room allocate money for IoT security in their budgets, only four of the more than 40 people in the audience raised their hands.
Pradeep shared his views on IoT security issues during a wide-ranging discussion at the Dallas event. In addition to Southwest’s Pradeep, leaders from American Airlines, Grubhub, Microsoft, Juniper Network and EY will share their advice on securing the IoT during the two-day conference. The event will cover cloud security, blockchain and distributed ledger technology.
Pradeep advised balancing security needs with costs, and for IoT security checklists to be topped with looking at security and privacy concerns to ensure compliance. Those checklists must also include hardware and connectivity. It’s crucial to make sure that the devices brought into the company network are actually needed by the business and not just borne of a need to get “a newfangled device to play around with.”
When asked about the industry’s hesitancy on pushing IoT environments into the cloud, Pradeep offered: “Whether it’s in the cloud or not, it still needs to follow certain security principles. Take those same principles you designed your on-premises system with, and take it with you to the cloud.”
What’s more, developing standards in much the same way as network protocols and TCP/IP shaped up will be important to ensure IoT device interoperability, according to Pradeep.
“I think there will be more of a consortium formed to develop that sort of framework,” he said.