Are You Being ‘Reasonable’ ? Why World-First IoT Security Law Will Affect You
California recently became the first state in the USA to enact legislation regarding the cybersecurity of IoT enabled devices. From January 2020 the law will require a manufacturer of a connected device to, ‘Equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit.’
This law has been created due to the massive surge in IoT attacks. IoT attacks increased 600% between 2016 and 2017. As more devices go online this is only likely to increase unless we take action.
Malware targeting IoT vulnerabilities hit almost half of all global organizations last month, with networking and IoT attacks more than doubling since May, according to Check Point’s monthly report. In 2016 the infamous Mirai botnet took down major websites including Netflix, SoundCloud, Spotify, and Twitter.
Due to its economic size (if California were a country it would be the fifth largest economy in the world) the state holds a lot of sway. If companies are required to improve their products’ security to sell them in California’s huge market then it’s likely that these same changes will appear across all markets. In addition, California’s influence in the tech world means that similar legislation may soon follow in other states and countries.
Staying ahead of the law, and the hackers
No one wants to be caught on the wrong side of the law when it comes to customer privacy, personal data, or cybersecurity. Legislation is only likely to get tougher and the consequences of erring/transgressing more expensive. The General Data Protection Regulation (GDPR) came into force in Europe earlier this year and the UK’s Information Commissioner’s Office recently issued the first GDPR notice. By making sure your systems are safe you can sidestep the risk of a prohibitive fine or, perhaps worse, a loss of customer confidence in your brand.
However, we’re faced with several issues regarding the security of IoT enabled devices. Most IoT devices don’t have the capacity to process traditional firewalls or anti-malware and some cannot be easily updated or patched, making them particularly vulnerable. So how can you ensure that your IoT device is equipped with ‘reasonable’ security when so much of the hardware is simply not capable of supporting these kinds of features?
Staying legal and ‘reasonable’
It may not be practical, cost-effective or even, in some cases, possible to make changes to your hardware. If you have existing IoT devices which do not have the functionality necessary to secure them then the best step is to make sure that your network is virtually unbreachable. Essential data is continually being passed between IoT devices so you need a system that allows the right things through in a timely fashion while also being vigilant to any unusual activity.
Pod Protect analyses your network traffic and learns what is normal for your device. It will then alert you to anything out of the ordinary. It is extremely sensitive to anomalies. As hackers become more prolific and their methods more advanced, it is possible for them to lie latent on the network and siphon data without creating noticeable changes. If you don’t have a very sensitive network monitoring probe it is difficult to detect them.
Pod Protect is non-invasive and compatible with even simple IoT devices (which in all likelihood would not be able to support a firewall or anti-malware). This means that, to secure your devices, you wouldn’t have to make changes to your hardware. By monitoring your network traffic and alerting you to anything potentially problematic Pod Protect allows you to have superior oversight of what is happening on your network. It learns what is normal for your network so it won’t block legitimate traffic.
This, therefore, allows you to secure even devices which lack the ability to secure themselves. It also means that with one change you can upgrade the security of your whole network, alerting you to any unusual activity and allowing you to investigate further.
If you need extra security
Combining Pod Protect with Pod Connect is ideal for those who need an extra level of security. It uses private, dedicated connections, allowing you to circumnavigate the public network and the dangers associated with it. Data is transmitted quickly and safely without risk of interference.
Even though the requirement to ensure you have a, ‘reasonable security feature or features,’ may not yet be in force in your region why wait until you’re forced to act in haste? With extra levels of security you can effectively future-proof your network security solutions, meaning that you will be one step ahead of any legislation or wide-scale hacks that may occur in the future.