Ensuring Connected Devices Are Secure
Aaron Guzman of OWASP Says IoT Security Basics Are Improving
The emergence of the Mirai botnet four years ago created a wave of worry over how increasing numbers of internet-connected devices could be abused by cybercriminals.
Mirai’s malicious code was designed to take advantage of weak or default credentials in digital video recorders, routers and CCTV cameras. Then, the commandeered devices were used to launch staggering distributed denial-of-service attacks (see: Mirai Botnet Pummels Internet DNS in Unprecedented Attack).
The lessons from Mirai have been taken to heart, says Aaron Guzman, who is the IoT and Embedded AppSec Project leader for the Open Web Application Security Project, also known as OWASP.
“I definitely see at least the IoT security landscape progressing in many different ways, especially in certain industry sectors,” Guzman says. “The awareness of Mirai and the impact of insecure devices really hit home for some companies, some organizations, manufacturers and even federally.”
Guzman is one of many experts working to create tools to better evaluate the security of connected devices and embed security into software design processes. OWASP and other organizations are working on specifications and methods for evaluating and securing connected devices.
“With all the awareness and all the interest, several communities have created a kind of 'call to action' and essentially put together their own flavors of what you should do to ensure your IoT devices are secure,” Guzman says.
In this video interview with Information Security Media Group, Guzman discusses:
- The security challenges around IoT devices connected to cloud services;
- How OWASP is creating tools and methods to help organizations test and secure connected devices on their own;
- Whether a global IoT security standard will be developed.
Guzman is the lead for OWASP’s IoT and Embedded AppSec Project as well as its Firmware Security Testing Methodology project. He’s an expert in web application security and is a technical leader with Cisco’s Meraki unit.