Securing IoT: Is It Feasible?Javelin's Al Pascual Says Focusing on Entire Device Lifecycles Offers Hope
U.S. consumers now own about 870 million IoT devices, according to a new study from Javelin Strategy & Research. As these devices become more prolific and versatile, payment capabilities are being layered in. So how can the exploding IoT landscape be secured?
"There's such a diversity of devices, such a diversity of things they can do, that solving for security - whether that's preventing fraud or keeping the data safe, keeping the customer safe - is not an easy thing to do," says Al Pascual, Javelin's senior vice president of research. "It takes a lot of planning, a lot of forethought and some really deep consideration. The challenge, particularly for banks and payment companies, is that there's no real guidance out there."
Not a Priority for Banks?
The relatively shallow functionality of banking and payment capabilities in IoT devices is not pushing banks and payment networks to focus on security in today's apps, Pascual says in an interview with Information Security Media Group about Javelin's latest research.
"Within banking in particular, fraud and security issues are usually not addressed until something is ready to be launched or has been launched," Pascual says. "Because we're not at a point where banks are doing anything that is very risky, how do you incent them to go ahead and make these security changes?"
In this interview (see audio link below photo), Pascual also discusses:
- The scale of the current IoT device landscape;
- How fraud risks can be mitigated by focusing on entire device lifecycles;
- Protecting an ever expanding IoT attack surface.
Pascual is Javelin's senior vice president of research and head of fraud and security. Previously, he held risk management roles at HSBC, Goldman Sachs and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators and the Federal Reserve Secure Payments Task Force.