Discussion
The good news is that IoT doesn't mean that security policy needs to be entirely rewritten, as a lot of the same rules that I've covered in depth apply. Training, global awareness, security, and Zero Trust are extremely relevant in this chapter, as is procuring devices that are built from the ground up with security considerations in mind. Understanding people, processes, and technology is still the bedrock of effective cybersecurity within your organization, and IoT is a just another item on the growing list of responsibilities for cybersecurity professionals.
Cultural change
Barbara offers excellent advice for organizations when she points out that cultural change must be driven from within. She puts emphasis on practical and no-nonsense policies that are imperative to maintaining your cyber hygiene in the age of IoT. Moreover, she touches on a theme that I repeat throughout this book regarding the shared nature of responsibility in cybersecurity...