IoT plays an important role that allows enterprises to go through digital transformation. However, in many cases organizations start to become aware that they do already have a large number of IoT devices which were introduced gradually over the years. One of the main concerns that an organizations face when dealing with IoT is managing risks involved in increasing number of IoT devices. Because of their ability to interact with the physical world, there are safety and privacy concerns when it comes to the security of IoT devices. This paper provides an overview of IoT components, followed by risks and sample attacks. Finally, a list of current and prospective future security solutions is discussed.

An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation (IoTSF). VulnerableThings.com aims to simplify the reporting and management of vulnerabilities while helping IoT vendors comply with new consumer IoT security standards and regulations.

Whit Chaiyabhat was promoted to serve as Takeda Pharmaceuticals' Head of Global Security in mid-October. Congrats!

Portland State University will be unable to meet its fall goal of transitioning to unarmed sworn officers on campus due to a number of issues, however, the University says it remains committed to this eventual goal.

Traditional Enterprise Data loss prevention (DLP) tools were not initially designed for protecting unstructured data, and encryption and policy are not centralized and few have taken advantage of improvements in recent years. In the meantime, unstructured data has piled up and is growing.  To target this problem, a new set of vendors and products emerged with “data-centric” solutions adding to the confusion. So many vendors with a variety of capabilities to choose from, but how do you know which is right? What vendor do you choose? The answer to these questions is to think more about what you want to accomplish and weigh the approaches first.

The Cybersecurity and Infrastructure Security Agency (CISA),  the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) identified tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky to gain intelligence on various topics of interest to the North Korean government.

If we ended up in a cyberbattle with some of the top nation-state actors, they could shut down supply chains, hospitals, the internet, oil and gas, electricity grids, water systems and more.  A national cyber director would be able to coordinate the cybersecurity flow of information to the executive branch and be able to coordinate a strategy to defend against these kinds of attacks.

Sgt. Lauren L. Misale, a 12-year veteran of the Clark University Police Department (CUPD) and Clark alumnus, has been appointed the University’s chief of police, effective November 2. President David Fithian said Misale was selected for her stellar record, strong relationships on campus and in the community, and deep commitment to students. She replaces Chief of Police Stephen Goulet who announced his retirement earlier this year.

October is National Cybersecurity Awareness Month, and we wholeheartedly support this important initiative to focus attention on the critical security challenges facing all of us. This week’s theme focuses on the continued proliferation of IoT with, “The Future of Connected Devices.” If there’s one major cyber trend we’ve seen unfold around connected devices, it’s that there is a tendency to focus cybersecurity awareness on what we can see – phones, laptops, and IoT devices, while assuming that protecting endpoints will stop the epidemic of damaging cyberattacks.