Internet of things security
Internet of things security includes comprehensive resources about identity and access management for IoT, attack vectors and mitigations, intellectual property protection and threat prevention and defense.
Top Stories
-
Tip
30 Jul 2025
Explore the relationship between IoT governance and privacy
Emerging industry standards and regulations -- coupled with technologies like AI -- will underscore the importance of IoT governance and privacy in the years to come. Continue Reading
-
Tip
25 Jul 2025
11 IoT security challenges and how to overcome them
While influential and beneficial, IoT introduces several security challenges, from device discovery and patching to access control and cyberattacks. Continue Reading
-
Tip
25 Jul 2025
11 IoT security challenges and how to overcome them
While influential and beneficial, IoT introduces several security challenges, from device discovery and patching to access control and cyberattacks. Continue Reading
-
Definition
23 Jul 2025
What is internet of things privacy (IoT privacy)?
Internet of things privacy, or IoT privacy, is the special consideration required to protect individuals' information from exposure in the IoT environment. Continue Reading
-
Tip
02 Jul 2025
Top 15 IoT security threats and risks to prioritize
Certain IoT security concerns, like botnets, are hard to forget, but others might not come to mind as easily, including DNS threats and physical device attacks. Continue Reading
-
Tip
25 Jun 2025
Prioritize security from the edge to the cloud
Businesses can find security vulnerabilities when they push their workloads to the edge. Discover the pitfalls of cloud edge security and best practices to secure edge workloads. Continue Reading
-
Definition
25 Jun 2025
What is CCTV (closed-circuit television)?
CCTV (closed-circuit television) is a video surveillance system in which signals are transmitted to a specific set of monitors and are not publicly broadcast. It is primarily used for security and monitoring. Continue Reading
-
Definition
11 Jun 2025
What is ransomware as a service (RaaS)?
Ransomware as a service (RaaS) is a subscription-based business model that enables threat actors, also called affiliates, to launch ransomware attacks by accessing and using predeveloped ransomware tools. Continue Reading
-
Definition
10 Jun 2025
What is Cisco ISE?
Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure network access to end users and devices. Continue Reading
-
Definition
19 May 2025
What is a firewall and why do I need one?
A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing traffic using a set of predetermined security rules. Continue Reading
-
Definition
06 May 2025
What is segregation of duties (SoD)?
Segregation of duties (SoD) is an internal control mechanism designed to prevent errors and fraud by ensuring at least two individuals are responsible for the separate parts of any task. Continue Reading
-
Tip
15 Apr 2025
How to ensure OT secure remote access and prevent attacks
OT systems face threats from attackers targeting their remote access capabilities. Segmenting networks is one important step. Learn other ways to safeguard your OT systems. Continue Reading
-
Definition
06 Mar 2025
What is promiscuous mode in networking?
In computer networking, promiscuous mode is a mode of operation in which a network device, such as a network interface card (NIC) or an adapter on a host system, can intercept and read in its entirety each network packet that arrives instead of just the packets addressed to the host. Continue Reading
-
Definition
28 Feb 2025
What is multifactor authentication?
Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
-
Definition
07 Feb 2025
What is cyber insurance, and why is it important?
Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online. Continue Reading
-
Definition
31 Jan 2025
What is cryptology?
Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading
-
Feature
06 Jan 2025
Best IoT conferences and events to attend in 2025
Major IoT conferences in 2025 cover the latest news and developments on IoT platforms, systems design, integration, applications, security, AI and emerging trends. Continue Reading
-
Feature
23 Dec 2024
6 must-read blockchain books for 2025
Numerous sources provide comprehensive information on blockchain fundamentals and applications. We narrowed the field to six of the most popular and diverse books available. Continue Reading
-
Tip
18 Nov 2024
What CISOs need to know to build an OT cybersecurity program
More companies are tasking CISOs with operational technology security. But this oversight means a new strategy for those unfamiliar with building an effective OT security program. Continue Reading
-
Definition
17 Oct 2024
What is tailgating (piggybacking)?
Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system. Continue Reading
-
Definition
31 Jul 2024
What is cyber attribution?
Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation. Continue Reading
-
Definition
26 Jul 2024
What is a computer exploit?
A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system. Continue Reading
-
Definition
18 Jun 2024
DNS attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system. Continue Reading
-
Definition
13 Jun 2024
secure access service edge (SASE)
Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native security technologies and delivers them as a single cloud service. Continue Reading
-
Definition
20 May 2024
ATM jackpotting
ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. Continue Reading
-
Tip
04 Apr 2024
5 top OT threats and security challenges
Securing operational technology is particularly critical but also especially challenging. Consider these top OT threats and how to manage them. Continue Reading
-
Definition
20 Feb 2024
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. Continue Reading
-
Definition
07 Feb 2024
encryption
Encryption is the method by which information is converted into secret code that hides the information's true meaning. Continue Reading
-
Definition
28 Nov 2023
timing attack
A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system. Continue Reading
-
Tip
17 Nov 2023
An introduction to IoT penetration testing
IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks. Continue Reading
-
Tip
15 Nov 2023
How to protect your organization from IoT malware
IoT devices are attractive targets to attackers, but keeping them secure isn't easy. Still, there are steps to take to minimize risk and protect networks from attacks. Continue Reading
-
Definition
19 Oct 2023
Structured Threat Information eXpression (STIX)
Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies. Continue Reading
-
Definition
12 Oct 2023
security awareness training
Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
-
Definition
02 Oct 2023
voice squatting
Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced. Continue Reading
-
Feature
16 Aug 2023
How to use dynamic reverse engineering for embedded devices
In this excerpt from 'Practical Hardware Pentesting,' read step-by-step instructions on how to find vulnerabilities on IoT devices using dynamic reverse engineering. Continue Reading
-
Feature
16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure
Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
-
Tip
16 Jun 2023
Use IoT hardening to secure vulnerable connected devices
IoT and industrial IoT innovation continue to thrive, but IoT device security continues to be an afterthought. Companies should harden connected devices to remain protected. Continue Reading
-
Guest Post
22 May 2023
Follow a 6-phase roadmap to secure cyber-physical systems
Cyber-physical systems help bridge the digital world with the physical world, but they introduce cybersecurity risks that must be addressed. Continue Reading
-
Definition
25 Apr 2023
smishing (SMS phishing)
Smishing -- or Short Message Service (SMS) phishing -- is a social engineering tactic cybercriminals use to trick people into divulging sensitive information over text messages. Continue Reading
-
Feature
05 Apr 2023
ICS kill chain: Adapting the cyber kill chain to ICS environments
As IT/OT convergence continues to gain traction, industrial control system security cannot be ignored. Performing pen tests based on the ICS Kill Chain can help. Continue Reading
-
Feature
05 Apr 2023
An intro to the IDMZ, the demilitarized zone for ICSes
Setting up an IDMZ -- a demilitarized zone between enterprise and industrial networks -- can prevent operational environments from becoming compromised by IT threats. Continue Reading
-
Feature
05 Apr 2023
Reinforce industrial control system security with ICS monitoring
Monitoring an industrial control system environment isn't that different from monitoring a traditional IT environment, but there are some considerations to keep in mind. Continue Reading
-
Definition
09 Mar 2023
cyberwarfare
The generally accepted definition of cyberwarfare is a series of cyber attacks against a nation-state, causing it significant harm. Continue Reading
-
Definition
03 Feb 2023
passive reconnaissance
Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems. Continue Reading
-
Tip
18 Jan 2023
Top 10 ICS cybersecurity threats and challenges
Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them. Continue Reading
-
Definition
20 Oct 2022
email
Email (electronic mail) is the exchange of computer-stored messages from one user to one or more recipients via the internet. Continue Reading
-
Tip
22 Jun 2022
A look at smart energy security measures
IoT energy meters and sensors make buildings and power grids more efficient and cost-effective but require encryption, network security and access control for safe operation. Continue Reading
-
Definition
28 Apr 2022
man-in-the-middle attack (MitM)
A man-in-the-middle (MitM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. Continue Reading
-
News
24 Jan 2022
Silicon Labs launches new AI/ML chips, toolkit for edge
The chip vendor's new wireless SoC aims to bring AI and machine learning to the IoT. The systems also use the Matter IP-based protocol to wirelessly connect devices. Continue Reading
-
Opinion
06 Jan 2022
IoT ethics must factor into privacy and security discussions
With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
-
Tip
15 Dec 2021
6 IoT security layers to shape the ultimate defense strategy
IT administrators can divide and conquer their defense strategy with IoT security layers that ensure data protection from its generation in devices to its storage in the cloud. Continue Reading
-
Tip
08 Nov 2021
Edge computing security risks and how to overcome them
IT administrators must incorporate the right strategies and tools to anticipate, prevent and overcome common edge computing security risks and realize the value of edge technology. Continue Reading
-
Tip
19 Oct 2021
Learn the basics of cryptography in IoT
Cryptography requires navigating the limitations of IoT, but the protection data encryption offers makes it a must-have for secure IoT deployments and communication channels. Continue Reading
-
Definition
07 Jun 2021
meet-in-the-middle attack
Meet-in-the-middle is a known plaintext attack that can greatly reduce the number of brute-force permutations required to decrypt text that has been encrypted by more than one key. Continue Reading
-
Feature
02 Nov 2020
5 steps to get IoT cybersecurity and third parties in sync
Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring. Continue Reading
- 02 Nov 2020
-
Opinion
02 Nov 2020
AI in cybersecurity ups your odds against persistent threats
AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle. Continue Reading
-
Tip
06 Apr 2020
Using AIOps for cybersecurity and better threat response
AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways. Continue Reading
-
News
28 Jan 2020
Cisco Cyber Vision targets industrial IoT security
Cisco Cyber Vision is the networking company's latest product for industrial IoT security. The technology is based on software Cisco acquired last year when it bought Sentryo. Continue Reading
-
Opinion
20 Nov 2019
What's the answer for 5G security?
Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas' white paper, 'The Evolution of Security in 5G.' Continue Reading
-
Tip
20 Sep 2019
Create a manageable, secure IT/OT convergence strategy in 3 steps
An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT. Continue Reading
-
Tip
20 Sep 2019
Tips and tricks to integrate IT and OT teams securely
IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined. Continue Reading
-
Tip
20 Sep 2019
What's the role of people in IT/OT security?
To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures. Continue Reading
-
Infographic
01 Aug 2019
IoT cybersecurity: Do third parties leave you exposed?
IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues. Continue Reading
-
Definition
30 Jul 2019
embedded system security
Embedded system security is a strategic approach to protecting software running on embedded systems from attack. An embedded system is a programmable hardware component with a minimal operating system and software. Continue Reading
-
Feature
29 May 2019
Human rights advocate talks GDPR, AI and data privacy laws
Human rights advocate Bjørn Stormorken talks about the importance of data privacy laws, and why stronger laws and more data literacy are necessary today. Continue Reading
-
Blog Post
07 May 2019
Why are connected devices leaving UK businesses as vulnerable as ever in 2019?
Collective consciousness about IoT risks and the consequences of IoT security breaches is growing, but still many organizations remain susceptible to attack. Forescout's Myles Bray discusses the ... Continue Reading
-
Blog Post
25 Feb 2019
Overcome the cybersecurity skills gap to embrace the digital transformation power of IoT
Securing IoT is critical, but with a major security skills shortage, recruiting talent is challenging to say the least. Fortinet's Jonathan Nguyen-Duy offers insight into finding – or cultivating – ... Continue Reading
-
Blog Post
20 Feb 2019
Strong security can unleash the promise of the industrial internet of things
Industrial IoT is set to make a worldwide economic impact. However, without strong security, IIoT efforts are for naught. DigiCert's Dan Timpson explains why PKI and digital certificates are key to ... Continue Reading
-
Blog Post
13 Sep 2018
Blockchain offers a new approach to customer satisfaction with the help of IoT
Pairing blockchain with IoT is revolutionizing the customer experience, says Voxpro's Brian Hannon, namely by providing the trust needed to build customer relationships on core values of security, ... Continue Reading
-
News
11 Jul 2018
Execs: Content management in the cloud not as easy as it looks
Challenges await companies as they move content and microservices app-enabled processes to the cloud. Chief among them are data security and apprehension about process complexity. Continue Reading
-
News
29 Jun 2018
GlobalSign, Comodo launch competing IoT security platforms
Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices. Continue Reading
-
Feature
01 Jun 2018
Stranger things: IoT security concerns extend CISOs' reach
The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities. Continue Reading
-
Blog Post
23 Apr 2018
Ethics, values and common standards are essential for shaping an IoT-smart society
Industry leaders and policymakers must ensure the well-being of the consumer in a smart, connected world. Wipro's Jayraj Nair explains why ethics, values and common standards are critical. Continue Reading
-
Opinion
22 Feb 2018
What's our future if we don't secure IoT devices?
When everything from the coffee maker to the manufacturing plant's robots to the electric grid is connected, shouldn't security be IT's primary concern? Continue Reading
-
Blog Post
08 Feb 2018
Dawning of the digital security border: A new standard for wide area perimeter and border security
Technology-based perimeter security may have a potential use case in the U.S. again thanks to low-power sensors and the new 802.16s industrial wireless standard. Continue Reading
-
Blog Post
02 Feb 2018
The role retailers should play in driving IoT security certification standards
IoT security is a major concern, especially for retailers. JASK's Greg Martin explores the role retailers have to play in securing IoT and keeping themselves and consumers safe. Continue Reading
-
Blog Post
30 Jan 2018
Predictions: Learning from the past as we advance IoT security in 2018 and beyond
Myles Bray of ForeScout compiled IoT security predictions from Ayelet Kutner, Jon Connet and Bob Reny, revealing what security threats organizations may see over the next year. Continue Reading