Sitting down with Brad Ree, CTO of ioXt Alliance, Aviva Zacks of Safety Detectives got a broad understanding of why a company should become ioXt certified.
Safety Detectives: Tell me how you got started in the cybersecurity industry and what you love about it.
Brad Ree: My first professional experience in the cybersecurity industry was in 2000 when I was working on cable modems for hotels and apartments. At that time there were no industry standards for cable modems and we had to develop methods to authenticate modems to the network, protect users’ traffic, and prevent theft of service and snooping of customer data as it all went across one shared network. What I love about cybersecurity is the fun of thinking like an attacker and then the challenge of building countermeasures that can scale across millions of devices.
SD: What is the main service your company offers?
BR: The ioXt Alliance works with leaders across major tech and manufacturing companies such as Google, Amazon, Facebook, and Honeywell, to create global privacy and security standards for connected products and mobile applications. Our goal is to build a more secure Internet of Things (IoT) ecosystem so that there will be an increase in transparency across all stakeholders, from the manufacturer to the buyers and consumers and that all end-users can be confident in the products they use. With our global approach, the ioXt Alliance has been able to create agreed-upon security requirements and testing processes to better protect all end-users from cyber attacks.
SD: How does a company get ioXt certified and why?
BR: There are two options that companies can choose from in order to receive the ioXt SmartCert through the ioXt Alliance Certification Program: 1. getting products tested at one of our partnered, third-party security testing labs, or 2. self-testing and -certifying their products and having the results validated through a third party in order to accommodate for the large quantity that needs testing. Each of these third-party security labs has a deep history in compliance and security testing at a global scale and is well-versed in the ioXt Alliance security standards.
Regardless of the certification path, products are tested against the ioXt Alliance’s eight pledge principles that provide clear guidelines for quantifying the appropriate level of security needed for a specific device within a product category. Once a product meets or exceeds these requirements, it receives the ioXt SmartCert, a visual cue that a device has been tested and approved by the ioXt Alliance. By having industry standards to abide by, manufacturers are held accountable for their products, ensuring that users will be protected from future malicious activity.
SD: How do you stay ahead in a world filled with cybersecurity companies?
BR: The ioXt Alliance stays ahead by bringing together leading companies to keep our finger on the pulse of the latest trends and current events. With the world rapidly evolving, it’s imperative that we are always nimble and looking for ways to better build confidence among consumers when it comes to buying connected devices, which includes holding manufacturers of these products accountable. By staying ahead of trends with industry leaders, we began to address how we could elevate security and privacy. Recently, we have been faced with prevalent attacks, such as SolarWinds, Colonial Pipeline, and JBS. This trend will likely continue until we continue to build a better plan for security across all internet-connected devices.
SD: What is the worst cyberthreat today?
BR: The biggest challenge today is the same challenge we have been facing since companies have been competing to be the first in the market to add connectivity to their devices. There are many companies that race to get products into the market and do not make the short-term investments in securing their devices. What is more concerning is that those same companies fail to make any long-term investments to monitor those devices for vulnerabilities, and then continue to staff their product teams to address issues that regularly come up over the life of the product.
SD: How do you see cybersecurity developing now that we are living through this pandemic?
BR: At the height of the pandemic, we started to see cyberthreats increase exponentially, from “Zoombombing” to ransomware attacks, as a result of our reliance on connected devices in order to overcome these unprecedented times. As we lean farther into virtual interactions, whether it’s working from home or storing sensitive information on a connected device, it is important for consumers to be aware of the risks at hand—and the onus to educate consumers falls on the manufacturers of these devices. Between the impact of the pandemic, along with the recent executive orders from the Biden Administration, I think we can expect to see regulations around security tighten up, which could come as a labeling system that displays the level of security built-in, allowing consumers to make more educated decisions on product purchases.