A major concern in the niche cybersecurity field of DevSecOps is microservices and container security. In cybersecurity as in athletics, building and maintaining a great defense lifts an operation out of constant “fire-fighting” mode and up to a place where it can be proactive about growing the business. The thing to remember is that great cybersecurity begins with great security planning. As Benjamin Franklin advised, “A failure to plan is a plan to fail.”
For the billions of mobile and IoT devices that are used within organizations, IoT security professionals must consider using these IoT security solutions. According to research presented in a Cisco infographic, the number of “things” connected to the internet exceeded the number of people connected way back in 2008, and many analysts started reporting that there were more mobile devices on Earth than people back in 2014.
When you think of networks as being structured in the seven layers of the ISO-OSI model, it makes sense that cybersecurity threats can happen at any layer. We can think of these layers as the “links” in our metaphorical chain. Moving outward from the user, data is entered into the network through software running on the Application layer. It passes through the Session, Transport, Network, and Data-Link layers to the Physical layer and, at the other end, travels back up the seven layers to arrive at its intended destination. Each layer has its own protocols and other communication standards that govern its efficient operation. So, you may be asking, where is the Security layer? Where does security fit in? The answer is “Yes.”
The first portion of 2020 demonstrated that no environment is immune to malware attacks. We have witnessed threat actors developing new tool sets and techniques, targeting corporate assets stored on cloud infrastructure, individuals’ mobile devices, trusted third-party suppliers’ applications and even popular mail platforms.
Many times the threat of not securing IoT devices is not an attack on the device itself, but an attack on the company's larger infrastructure resulting in financial and productivity loss. Gartner claims there will be over 7 billion connected “things” for business use by 2020. International organizations in particular must now ensure they build security into every new IoT system, or face compliance issues from GDPR and NIS Directive regulators. US firms are going to invest the most in IoT in the coming 12 months: $2.8m. A sizable minority (42%) of organizations involve security teams early on in IoT projects, but conversely the largest number globally (72%) claim they always define their security needs during projects. However, just 34% said the CISO is ultimately responsible for IoT security, among the lowest worldwide. The company board may discuss the incident recovery plan but have little oversight of the way the company is securing IoT devices in the first place.