Content, Content, IoT

IoT Security: NIST Offers Risk Mitigation Guidance

Credit: Pixabay

The Internet of Things (IoT) presents many opportunities, but new cyber threats are emerging that affect connected devices. However, organizations that understand how to manage the cybersecurity and privacy risks associated with IoT devices are well-equipped to prevent cyberattacks and data breaches, according to the "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks" report from the National Institute of Standards and Technology (NIST).

In addition, NIST offers the following recommendations to help organizations manage IoT risk:

  • Identify IoT device risks. Understand the risks associated with IoT devices and plan accordingly.
  • Develop and maintain IoT policies. Create policies and processes designed to guard against IoT device attacks; these policies and processes also should be updated periodically.
  • Implement updated risk mitigation best practices. Evaluate IoT risks regularly and develop and deploy new risk mitigation best practices as needed.

Furthermore, organizations can evaluate IoT risk by device and device usage, NIST stated. In these instances, organizations may need to deactivate various IoT device capabilities to reduce risk.

Lawmakers Propose IoT Cybersecurity Act

Federal regulators in March introduced the IoT Cybersecurity Act of 2019, a bipartisan bill that mandates minimum national security standards for IoT devices. The IoT Cybersecurity Act would apply exclusively to government agencies that use IoT devices.

Expect the demand for IoT devices — and the demand for MSSPs to help secure these devices — to continue in the foreseeable future, too.

Worldwide IoT market revenues are projected to reach $520 billion by 2021, according to global management consulting firm Bain & Company. Furthermore, technology industry analyst Gartner has predicted 20 billion IoT devices will be on the market next year.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.