Photo by Andres Urena on Unsplash

Believe it or not, the two parties in Congress and the President have agreed on something both significant and substantive since Election Day: Not just that the Internet of Things (IoT) needs better security, but on how to do it — or at least try.

Both houses of Congress passed — unanimously! — and President Trump signed, the “Internet of Things Cybersecurity Improvement Act of 2020,” an effort that began more than three years ago.

There is no question about the need — it’s blindingly obvious. You could count the reasons. Actually, you couldn’t count them, at least not without a computer. Even if you counted 200 per minute, it would take decades to get through a fraction of the estimated 31 billion IoT devices now in use — and by then you’d be further behind because the number continues to grow faster than you can count. …


Photo by Markus Spiske on Unsplash

It has been said before, but it needs to be said again — and again: Software can make or break your business.

If it’s high-quality, with security “built in” throughout the software development life cycle (SDLC), it can streamline your operations, protect your assets, and help you create and deliver products and services that can make you prosperous.

If it is written poorly, with little attention paid to security, software can make you an easy target for online attackers who can exploit its vulnerabilities to steal your intellectual property, your money, and your customers’ personal and financial information. …


Photo by heylagostechie on Unsplash

It’s become a cliché because it’s true: If you’re in business, you’re a software company. But these days that cliché has become a bit more specific: You’re an open source software (OSS) company.

Because virtually all software products built and in use today include open source — the kind that’s free and available for anyone to use, modify, or share as they please, although it usually comes with some licensing restrictions or obligations.

Which is why, if you’re in business, you should check out a report released last week by the Synopsys Cybersecurity Research Center (CyRC) on how organizations around the world are managing both the security risks and the licensing requirements of their OSS. It can help you get a handle on how to reap the benefits while avoiding the risks of the major digital building blocks of everything from networks to systems to applications to smart devices. …


Photo by Sigmund on Unsplash

If you’re in business, the cloud is the place to be. It has been for some time — it was more than two years ago that Druva, a cloud data management and security company, reported that of 170 companies it surveyed, an overwhelming majority — 90% — said moving virtualized workloads to the cloud was either a reality or a near-term goal.

That’s both good and bad.

It’s good for reasons that are by now well-established. Cloud environments are generally scalable, reliable, and highly available. They make it easier to forecast ROI, and implementation costs are minimal. The cloud offers more effective disaster recovery, ease of management, and less expensive storage. …


Photo by Mark König on Unsplash

Cyber criminals are updating the classic Willie Sutton maxim that the reason he robbed banks was because “that’s where the money is.”

Yes, there’s still plenty of money in banks. But many billions of dollars — Deloitte estimates $182 billion to $196 billion — will be transacted online during the holiday season that is now upon us. That would be a 25% to 35% increase in holiday e-commerce since last year. And it could exceed that estimate, given the resurgence of a worldwide pandemic and constant exhortations to avoid congregating anywhere, which would include places like retail stores.

So, no surprise, online thieves are primed to exploit that vast attack surface. And retailers and consumers can’t say they haven’t been warned. Because there are plenty of headlines from past years about cybercrime spiking during the holidays. …


Photo by Austin Distel on Unsplash

Want a job? Your chances can’t get much better than in an industry with low unemployment.

So if you’re looking, head for the door marked “cybersecurity.” Unemployment isn’t just low — it’s nonexistent. There has been a shortage of skilled labor in the field for years — although the global gap this year is smaller, down to 3.12 million from 4.07 million last year according to (ISC)², a nonprofit association of certified cybersecurity professionals.

But the organization reported that the number of qualified applicants in the field still needs to grow by approximately 41% in the U.S. …


Photo by Erik Mclean on Unsplash

Information is power, the saying goes. These days, information is also money.

So perhaps after hearing that “if you’re not paying for the product, you are the product” for a decade or more, consumers are starting to get more savvy about the reality of Big Data — that the data they generate in their increasingly connected lives is, collectively, worth very big bucks. Also that it can be very invasive to their personal privacy.

Which could explain, at least in part, why Massachusetts voters went 3–1 on Election Day in favor of an expanded “Right to Repair” law that will give them ownership and at least a measure of control over the streams of data they generate every time they use their car. …


Photo by National Cancer Institute on Unsplash

When it comes to evaluating risk, context may not be everything, but it’s a very big thing. That has been apparent for months now regarding the coronavirus pandemic. The same virus is not the same threat to everybody. While COVID-19 can kill anybody, the risk to an 80-year-old with asthma is vastly greater than it is to a healthy high-schooler.

Context applies to risks caused by vulnerabilities in connected medical devices as well. …


Photo by Lianhao Qu on Unsplash

That classic cliché “It’s difficult to make predictions, especially about the future,” has been attributed to a list of humorists ranging from Mark Twain to Yogi Berra.

But it’s true of just about everything, including the vast and explosively growing Internet of Things (IoT). Nobody really knows what it will look like or how it will work (or not work) a decade from now, even though the focus of this, the final week of National Cybersecurity Awareness Month (NCSAM) is: The future of connected devices.

A few things are relatively easy to predict, though. Barring some kind of cosmic upheaval or meltdown, one element of the future of connected devices is that there will be more of them — billions and billions more — as the IoT continues to morph into the IoE, the Internet of Everything. Just since 2018, the IoT has ballooned from about 7 billion devices to more than 30 billion. …


Photo by Diabetesmagazijn.nl on Unsplash

Medical devices are among the greatest healthcare achievements of modern times. For millions of people, they improve both the quality and length of life.

But when they are connected to the internet, as millions are, malicious hackers could turn those healing tools into lethal weapons or leverage for ransom or blackmail.

One of the most prominent examples of that risk is former U.S. Vice President Dick Cheney, who famously had the wireless capabilities in his pacemaker disabled due to the threat of possible assassination attempts. He told a national audience about it on CBS’s “60 Minutes,” in 2013.

But even today, while threats like that are considered rare, they still exist. That’s because most devices in use, while built to work properly for years — even decades — weren’t designed to be connected. They weren’t built with cybersecurity in mind. …

About

Taylor Armerding

I’m a security advocate at the Synopsys Software Integrity Group. I write mainly about software security, data security and privacy.
