Who is responsible for IoT security in healthcare?

NIST panel debates who should own IoT security: vendors or users. The issue is especially important when it comes to protecting medical devices.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The next big challenge in cybersecurity will undoubtedly be to secure the billion-plus (and growing) internet-of-things (IoT) devices around the globe, which exponentially expand the attack vector across the increasingly interconnected IT sector. Based on statistics from Symantec, attacks that leverage internet-connected cameras, appliances, cars, and medical devices to launch attacks or infiltrate networks soared by 600 percent from 2016 to 2017.

“It was a big year for cyberattacks,” Ken Durbin, senior strategist for global government affairs at Symantec, said speaking on a panel at NIST’s Cybersecurity Risk Management Conference. Much of that panel’s discussion focused on who should own IoT security. The nature of IoT risk makes that a hard question to answer.

IoT security challenges

The problem with nipping IoT-leveraged attacks in the bud is that the devices themselves are “soft” targets, unprotected and vulnerable. Most of the devices are incapable of accepting patches that remedy the vulnerabilities they contain, according to Durbin.

Many IoT exploitations to date hit the “first wave” of devices, which were initially analog and weren’t properly connected or protected, George Wrenn, CEO of CyberSaint Security and research affiliate at the MIT Sloan School of Management, said.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.