EDITOR’S QUESTION
Justin Harvey
Chief Security Officer,
Fidelis Cybersecurity
The security implications of IoT are
becoming a huge problem in the corporate
world, causing the traditional corporate
perimeter to erode. As increasingly more
devices are being connected to enterprise
networks, CIOs are consequently losing
visibility, making them more and more
concerned about who could gain access
to what. The VTech breach, for example,
is a perfect example of how valuable
data – including pictures, usernames and
passwords – generated on connected
devices can fall into the wrong hands.
For the CIO, the implications of a breach
are not only financial in terms of fines
and additional security measures being
deployed, they can also completely derail a
company’s reputation.
CIOs must take a new approach to
network security in 2016 and look to
bolster endpoint security to counter
the impact of more connected devices.
Additional security at the endpoint will help
organisations to identify threats when they
www.intelligentcio.com
enter the network, investigate them more
thoroughly and respond quickly. It’s also
important that companies invest in strategic
intelligence services, which are made up of
experts who can analyse threats and draw
conclusions about a threat group; its tactics,
techniques and procedures, as well as in
some cases offer a motivation behind an
attack. This can be much more extensive
than tactical intelligence which is often
generated by machines.
What’s more, it wouldn’t be surprising if
the EU and member countries begin a new
round of legislation governing IoT devices.
Prior to this coming into force, CIOs should
ensure they have a process in place to
ensure that all policies and documentation
are kept up to date; ensuring there is a
clear audit trail. For some organisations,
this requires additional personnel, such
as a Data Processing Officer (DPO), for
example, depending on the size of the
company. The key message here is that
the time to act is now.
INTELLIGENTCIO
83