Internet of Things (IoT) Cyber Security Certification Services

CONSUMER INTERNET OF THINGS (IOT) CYBERSECURITY TESTING AND CERTIFICATION

In the age of the Internet of Things (IoT) every connected consumer device, from homecare monitors to kids’ toys, is a potential threat to data security and privacy. The technologies such as Wi-Fi capabilities and sensors are a main component in IoT product which allows them to collect data and have the ability to "talk" to other connected devices. However, the same technologies also open up the IoT product for cyber attacks. Common attack vectors include weak passwords, vulnerabilities in sub-components or integrated libraries, lack of encryption, Internet exposure, and hidden “backdoors” that are designed in by device manufacturers. 

Testing of the individual components against requirements determined by the risk assessment is the foundation of a secure product. Security cannot be installed as a software add-on after product development. Every level of the stack must be assessed for vulnerabilities, including device hardware (chipsets, sensors and actuators), wireless communication modules and protocols, device firmware (OS and embedded applications), cloud platforms and applications. 

IoT security risks

The expanded attack surface areas make IoT cybersecurity essential. Unsecure practices by users and organisations, who might lack the tools or expertise to appropriately safeguard against IoT cybersecurity risks, are an additional threat. Unfortunately, there is no "one size fits all" cybersecurity solution to secure every IoT deployment.

These security issues include:

Vulnerabilities: Poor data and password protection are common vulnerabilities that could work as gateways between secured and unsecured devices. Besides, IoT devices' lack of computational capacity makes them too weak to have in-built security.

Escalated cyberattacks: While businesses could be seen as profitable targets, consumer IoT devices have a higher risk of more sophisticated cyberattacks. The infected devices can be a source of DDoS attacks.

Information theft: As with escalated cyberattacks, information is susceptible to outside access after a device has been infected. With new deepfake and media doctoring technologies, information theft and bypassing security systems could be easier.

Device mismanagement and misconfiguration: The lack of knowledge about IoT cybersecurity risks and IoT management skills. Subscribing to an IoT security provider that effectively handles cybersecurity and trains professionals on IoT could be helpful.

OUR consumer IOT CYBERSECURITY SERVICES 

Our CIoT cybersecurity services include: 

• Cybersecurity evaluation of IoT product to ETSI EN 303 645
• Cybersecurity evaluation of IoT product to NIST 8259
• ISO IEC 15408 Common Criteria 
• Threat Modeling and Risk Assessment
• Vulnerabilities Disclosure Policy workshop
• Web and Mobile Application Vulnerability Assessment and Penetration Testing
• Support on regulatory and voluntary requirements and labeling program 
  • Cybersecurity Labelling Scheme from Cyber Security Agency of Singapore (CSA)
  • Cybersecurity for Residential Gateways Home Routers
  • IoT cybersecurity labelling programme of the US Federal Communications Commission (FCC)
• Training on cybersecurity standards (EN 303 645 and NIST 8259)

Watch our free on-demand Introduction to Internet of Things (IoT) webinar.