Antoinette Hodes is a Check Point Solutions Architect for the EMEA region and an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years. She is a strong customer advocate, who connects people & processes with technology by matching the clients’ business needs with security solutions and services. Antoinette commonly drives meetings within the C-suite and takes a profit-driven approach. Her goal is to support clients with their secure digital transformation journeys. Antoinette is passionate and eager to learn when it comes to technology. Personal mission: Making the internet a better place for our children!
In this insightful and discerning interview, Check Point Solutions Architect Antoinette Hodes discusses Internet of Things (IoT) security, Nano Agent technology, and the future of complex, connected, internet-based devices. Don’t miss this!
What are organizations getting right when it comes to IoT security?
All organizations understand the risk and possible impact that IoT assets pose. Organizations sense the urgency around dedicated IoT security, as IoT assets are not only connected via the on-premises network but also to cloud instances, cellular and even satellite networks. The boundaries are fading when talking about “IoT”. And with that comes a new quandary; who is responsible for the security component?
How can CISOs do a better job of protecting connected systems and devices?
How attacks are mitigated really depends on the IoT solution itself and the vertical we are talking about. Company policies have mandatory endpoint requirements defined; for example the anti-virus. The solution may not be x number of updates behind.
IoT assets are often overlooked and not added at all. Think of printers or smart TV’s connecting to the internet. Those assets extend the company’s attack surface and offer new attack vectors for hackers/attackers, leaving the company at risk.
That brings me to today CISO’s challenges – how to work with a small budget, how to address the skilled staff shortage, how to define a clear central strategy. With an insufficient answer, your security, assets, reputation, data, intellectual property and everything else are potentially in danger. CISOs must ask the C-suite to consider the cost of an increased budget versus the potential costs of a security breach and to ensure that the staff is being trained and has the skills to manage complex environments. Deploying security solutions with a focus on prevention and response tactics is a must for resilience.
I love the quote from Robert Mueller, former Director of the FBI, who said, “There are only two types of companies: Those that have been hacked and those that will be hacked.” I may add a third one – those that have been hacked but still don’t know.
What are the challenges in securing IoT devices?
Challenges and requirements differ per use case. Think of hardware, software, deployment and maintenance needs from the vendor’s point of view.
The vendor wants to place a product in the market with minimal cost and to benefit from being earlier in the market. To achieve that, they may release products with low levels of cyber security, reflected by widespread vulnerabilities and the insufficient and inconsistent provisioning of security updates. Users do not have any visibility to the risks; they have no access to this information. In turn, this prevents users from choosing products with adequate cyber security properties or from using them in a secured manner.
A secure product launch is highly dependent on factors such as the organization’s maturity, capital and product readiness. During development, security is often not at the forefront of the process. Or there is not sufficient capital to develop “secure by design” IoT assets. Changes, patches and updates for IoT assets could be cumbersome and difficult. All changes performed in the system (it doesn’t matter how small they are) require compiling and extensive testing of the complete system, which is time consuming and expensive. More information can be found here.
Please share a bit about how Check Point IoT Nano agent technology can help?
Check Point introduced Quantum IoT Protect Nano agent to help manufacturers secure embedded devices. It includes a risk assessment service and a Nano Agent to embed into a device. What happens is that cyber security experts of Check Point review the product, perform a full risk assessment and provide the manufacturer with a Nano Agent – a customized package that provides the top security capabilities. Check Point Nano Agent is designed for embedded devices. It requires only minimal resources, and it is an out-of-the-box solution that doesn’t require intrusive code changes. At the same time, it serves as a frontline to secure the device. We secure the device from within.
How do you predict that IoT devices, security and legislation will evolve in the next year?
We will see mandatory and voluntary IoT cyber security regulations. Regulations will help improve the security of devices. Even the voluntary regulations will be welcomed by IoT manufacturers, as adherence to them will help gpost brand trust. In general, the IoT regulation challenge consists of two parts. The first one is making IoT assets resilient to cyber threats and attacks; the IoT security itself. Attacks on IoT devices can massively impact critical, commercial and governmental operations and this is a real risk. The second challenge is how to handle personal information, according to privacy rules and laws.
Is there anything else that you would like to share with the CISOs of CyberTalk?
If we want to secure, as I like to call it, the internet of “any” thing, software is the solution. Here is a personal top five of IoT predictions for 2023:
- Increased and massive automated attacks against consumer IoT assets at a large scale
- 5G for IoT will be a game changer and will pose new security risks for consumers
- Security and surveillance will lead the IoT market
- Industrial IoT will become a crucial topic
- IoT will boost the development of sustainable technology
Last but not least, I love to work with CISOs. I respect them so much as they are forever students in the very dynamic IoT security threat landscape.
If your organization needs to restructure its IoT security strategy, please be sure to attend Check Point’s upcoming CPX 360 event. Register here.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.