In the latest Internet of Things news this week, researchers from Cal Poly successfully designed an app for Google Glass that could take a picture every ten seconds with the display off, “uploading the images to a remote server without giving the wearer any sign that his or her vision is being practically live-streamed to a stranger,” Andy Greenberg writes. It’s scary enough to imagine that someone could be walking around, living their day-to-day lives as someone records their every action at a distance.
“All these new smart devices come with their own specific, new vulnerabilities, which can give attackers new opportunities,” security researcher Roel Schouwenberg has said. “They may require new technology and approaches to protect [them] properly. Adding new, complex devices to the equation is going to make things a lot more difficult.”
With Google Glass set to hit the market in early 2015, and an estimated 90 million wearable tech devices set to be shipped, CISOs need to be cognizant that the Internet of Things will quickly seep into many organizations – whether your current BYOD policies allow them or not.
As our personal devices become increasingly advanced, the main concern for a CISO is how to secure them in the workplace. Up to now, the track record hasn’t been great. Last year, a study by IBM found that fewer than 40% of organizations, the vast majority of which are large enterprises, have in fact organized specific policies for BYOD devices.
This is not the time for CISOs to shy away from BYOD – now, more than ever, it needs to be embraced, and quickly. Malicious actors are already doing their part to break into businesses via the IoT – now it’s time to do your part. Your BYOD policies will absolutely evolve, but it’s essential that they are implemented as early as possible in order to be better adapted. The earliest implementers of BYOD policies, for example Intel, which began BYOD policies way back in ’09, have enjoyed better productivity, improved security and greater control.
BYOD doesn’t even mean ‘Bring Your Own Device’ anymore, “it’s ‘Brought Your Own Device’,” Mitch Parker, CISO of Philadelphia’s Temple University Health System, jokes. “If you don’t realize they’re onsite already, that’s a big problem.” Security teams and CISOs have a tough road ahead in putting policies in place to secure an organization in increasingly connected environments. Some considerations for moving your BYOD policy forward should be:
There are going to be an estimated 212 billion connected devices by the end of 2020. What are you doing to evolve your BYOD policies to include IoT devices?