Are CISOs fuzzing with IoT? We hope so.

– Eli Kirtman

Were we privy to the nefarious actor’s playbook, we would see that intruders and insider threats alike share a motif deeper than the enterprise’s bottom line — to compromise its unknown vulnerabilities — and they’re targeting the plethora of security risks in the Internet of Things (IoT) technology to get there.

All the while, the full suite of executives is zipping through security protocols, ransom insurance policies and vetting third-party solutions to protect their devices from the inevitable Zero-Day attack.

An attack that security leaders may not see coming, unless they’re fuzzing in the right places.
 

Considered one of the most effective technical methods to discover unknown vulnerabilities, fuzz testing analyzes and learns how the device we’re creating responds to normal and abnormal conditions during the software development life cycle (SDLC) and, when we go deep enough, it detects risks with high precision.

Zooming into the CISO’s ideal playbook would reveal a stealth fuzz strategy to eliminate hidden security risks before bad guys even get a whiff; but we’re also likely to see red-inked question marks blotting the margins.

Descending the depths of the unknown can be a turbulent journey, depending on the enterprise’s unique challenges and resources. Those that successfully fuzz the code tend to execute tactful imperatives to get there, according to Onward Security’s CEO, Morgan Hung.
 

Adhering to so many technical and security protocols is a universal challenge for IoT manufacturers.
“Don’t give up!” encourages Hung. We’re not bound to every regulation orbiting the sphere. In addition to requirements that are unique to our product, he warns us to be mindful of criteria for devices that are subjected to hybrid network environments and international deployments where risks are more diverse and have a wider impact. 
 

Leverage fuzz architecture and precise positioning technology that enables us to implement security design principles at every stage in the life cycle and throughout the layers of computer network architecture.

This tactic allows CISOs to maintain the integrity of cybersecurity testing and controls while rendering test results with near-zero misjudgment, according to Jacky Lee, product development director at Onward Security.  
 

Implement automated testing and detection capabilities to ensure the reliability and integrity of data. At the bare minimum, automating security vulnerability scans on a continuous basis is a must in order to safely deliver during truncated software update and upgrade cycles. 
 

Operationalize an integrated and easy-to-use interface to make sense of the vast volume of information. 
Adopting these tactful imperatives can help security leaders fuzz-out numerous other setbacks, ultimately streamlining the product to market. 
 

The Internet of Things is an inescapable and regular beat in our lives. This is especially true for people who depend on connected medical and assisted living technologies.

“Similar to a doctor checking the condition of our heart and other vital organs, we must know that our devices are healthy and safe,” implores Hung.

It is imperative that we crack the code on hidden security risks before bad actors hit home.

Onward Archives
– Eli Kirtman is a freelance writer based in Cincinnati, Ohio.