The Security Ledger Podcast

The Security Ledger Podcast


Spotlight: Your IoT Risk Is Bigger Than You Think. (And What To Do About It.)

October 28, 2021

In this Spotlight edition of the podcast, we’re joined by Curtis Simpson, the Chief Information Security Officer at Armis. Curtis and I discuss the growing cyber risks posed by Internet of Things devices within enterprise networks. IoT and OT (operation technology) deployments are growing and pose challenges to organizations that are still focused on conventional IT systems and threats, and that struggle to detect such devices in their environments.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

In the past decade, security threats posed by the “Internet of Things” have gone from a curious “what if” to an urgent problem affecting national security. Earlier this month, for example, CISA warned of ongoing cyber attacks targeting water and wastewater facilities. Those attacks are targeting both IT and OT – or operational technology – networks and systems including industrial control system (ICS) and SCADA systems, CISA said. (PDF)

But, in truth, IoT risk is something that affects organizations of all types – from critical infrastructure owners and operators down to small businesses. Network connected printers, door/badge and HVAC systems, CCTV installations – all are common fixtures of modern workplaces – from defense contractors to doctors’ offices.

Curtis Simpson is the Chief Information Security Officer at Armis.

Still, the vast majority of security technology available to these organizations to manage their cybersecurity was designed to fight the “last war”: securing mostly Windows laptops, desktops and servers, even as non-traditional endpoints proliferate – most running operating systems other than Windows has cropped up on corporate networks. Consider, for example, the so-called “Urgent11” software vulnerabilities that were discovered to impact real time operating systems including VxWorks, OSE, Integrity and ThreadX RTOSs that, collectively, run billions of connected devices.

Identifying these devices is critical if they are to be managed and secured. But what does that take? In this episode of the podcast we are joined by Curtis Simpson, the CISO at Armis, a cybersecurity firm that offers a knowledge base and tools for fingerprinting IoT devices and then monitoring and securing IT, IoT and OT systems.