We must crack the code to hidden security risks before adversaries hit home
– Eli Kirtman
Were we privy to the nefarious actor’s playbook, we would see that intruders and insider threats alike share a motive deeper than the enterprise’s bottom line — to compromise its unknown vulnerabilities — and that they are targeting the plethora of security risks in Internet of Things (IoT) technology to get there.
All the while, the full suite of executives is zipping through security protocols, ransom insurance policies and the vetting of third-party solutions to protect their devices from the inevitable zero-day attack: an attack that security leaders may not see coming unless they are fuzzing in the right places.
Fuzz where adversaries wield power.
Considered one of the most effective technical methods for discovering unknown vulnerabilities, fuzz testing exercises the device we are building with both normal and abnormal inputs during the software development life cycle (SDLC), learns how it responds and, when the testing goes deep enough, detects risks with high precision.
Zooming into the CISO’s ideal playbook would reveal a stealth fuzz strategy to eliminate hidden security risks before bad guys even get a whiff; but we’re also likely to see red-inked question marks blotting the margins.
Descending into the depths of the unknown can be a turbulent journey, depending on the enterprise’s unique challenges and resources. Those that successfully fuzz their code tend to execute a set of tactical imperatives to get there, according to Onward Security’s CEO, Morgan Hung.
Imperative 1: Pre-map fuzz strategy to regulatory landscape
Adhering to so many technical and security protocols is a universal challenge for IoT manufacturers.
“Don’t give up!” encourages Hung. We are not bound by every regulation orbiting the sphere. Beyond the requirements unique to our product, he warns us to be mindful of the criteria for devices deployed in hybrid network environments and international markets, where risks are more diverse and have a wider impact.
Imperative 2: Execute security design principles deep, everywhere
Leverage a fuzz architecture and precise positioning technology that lets us apply security design principles at every stage of the life cycle and across every layer of the network architecture.
This tactic allows CISOs to maintain the integrity of cybersecurity testing and controls while producing test results with near-zero misjudgment, according to Jacky Lee, product development director at Onward Security.
Imperative 3: Top that off with automated tools, continuously
Implement automated testing and detection capabilities to ensure the reliability and integrity of data. At a bare minimum, continuously automated security vulnerability scans are a must in order to deliver safely within shortened software update and upgrade cycles.
Imperative 4: Decipher the fuzz, comprehensively
Operationalize an integrated, easy-to-use interface to make sense of the vast volume of fuzzing output.
Adopting these tactical imperatives can help security leaders fuzz out numerous other setbacks, ultimately streamlining the product’s path to market.
Take it home, safely
The Internet of Things is an inescapable and regular beat in our lives. This is especially true for people who depend on connected medical and assisted living technologies.
“Similar to a doctor checking the condition of our heart and other vital organs, we must know that our devices are healthy and safe,” implores Hung.
It is imperative that we crack the code on hidden security risks before bad actors hit home.
– Eli Kirtman is a freelance writer based in Cincinnati, Ohio.
Sponsored by Onward Security
Onward Security is a leading brand in cybersecurity compliance solutions for the Internet of Things. It has been selected as Best Cybersecurity Company – Asia Gold Winner by the Cyber Security Excellence Awards. In addition to operating an international IoT cybersecurity testing lab, it develops automated security assessment products with AI and machine learning features. It is dedicated to helping customers in IoT/IIoT equipment manufacturing, finance, telecom, and other industries quickly obtain security certification and effectively manage the risks and vulnerabilities of open source software to ensure cyber and product security.