Hello everyone. I'm gr Malu. I'm a cyber risk consultant. I'm super excited to be here today and I will be sharing the strategies to secure the digital backbone of our modern world IOT supply chains. This presentation is made up of my research and GRC expertise working with the highly regulated industries. Let's move on to the next slides and learn the practical ex examples and the strategies to save IOT systems. In this slide we talk about the hidden threat and let me start this slide with an example and a quick story. A hospital I consulted for a small four pump from a trusted vendor and the vulnerability hidden tape in the ware inserted during the manufacturing. Which allowed un authorized taxes and one component one mistake, and the patient's security safety was at risk, right? This was, this is what makes iot supply chain attacks so dangerous and vulnerable attacks don't break in through the front door anymore. And the hitch in the right trusted software updates or embedded component. And because the test is implicit and no one checks the, and no one even expect that, and the risks, they're not just limited to one sector. These attacks affect smart homes, hospitals, schools, airports, manufacturing floors everywhere. And let's move on to the next slide. Here, let's talk about the AL security gaps. Unfortunately, we're still playing a catch up. Many companies don't have proper vetting for their suppliers. Security testing happens too late, if at all. If at all. And a lot of networks don't even have real time monitoring. But there is a hope. But we, yes. Seeing powerful tools emerge in this modern world, automated vulnerability scams, tamper proof hardware, behavioral analytics, that flag anomalies before we occur. We just have to be willing to adopt these modern technologies into our environments. Let's move on to the next slide. Here we talk about real world attack examples. You may remember the Mirai botnet. It is, it used the default passwords on baby monitors and cameras to create a global DDoS attack. It's not. Thermostat can become a digital grenade. I have also worked with the logistics organization where smart scanners were hijacked via compromised firmware. The attackers gained the foothold into the backend systems, and it's not a fiction, it's reality, and you can imagine how huge the impact could be. Let's move on to the next slide. This slide, let's talk about the complex attack surface. There are major areas. The vulnerabilities can maintain things like microcontrollers, different countries, and often include hidden and software. Third party code and open source packages can be out dated or malicious. Manufacturing contract factors may not follow security processes, updates matching. Imagine if your device update server gets hacked and suddenly malware is pushed as in trusted. Update cloud services if attackers breach your backend. The control, they control every device connected to that. So let's move on to next slide. Here, let's talk about the evolving threat landscape. We're not just fighting solo hackers anymore. Nation states are involved. Ransom gangs, target hospitals through iot devices. And these devices are quietly required to, into encrypted botnets and crypto mining. Botnets and personal data from smart homes is being sold on the dark webs. It's our toaster talks. If our toaster talks to our light hub and they both talk to our wifi, that's a huge meh of risk. Let's move on to next slide. Here we talk about fortifying our iot ecosystem. And what are the, we had talked about the challenges and problems, and let's now talk about the solutions. So we need a design secure systems from the very beginning. So that's what secure by design practices, not patch them after the fact, right? So think of building earthquake proof buildings in California. You don't wait until after the earthquake to reinforce the structure. So secure by design practices testing the vulnerabilities at each stage would help, really help. Let's move on to the next slide here. We talk about secure by design principles in more detail. Some must have secure by design principles. Start with the threat modeling when designing the new product. Use hardware security features like Secure Boot. Assess your suppliers like you assets your new hires, right? Check their backgrounds and if they have any secu security breaches history. So like that and maintain software will love material, so you always know what's running on your devices. Let's move on to next slide, which talks about zero trust architecture. Assume nothing is safe. Zero trust means every device, every request, every update must prove its authenticity and legitimacy. Each device should have a unique identity. Devices should not talk to the services they really need. All communications must be encrypted. Devices should only get access. They're absolutely needed. So technically, the role-based access, and let's move on to the next slide here. We talk about behavioral analytics and anomaly detection. We can no longer rely on, only on signature based detections. Attackers evolve faster than signature databases do. Instead, your use behavior modeling, if your device suddenly sends 10 multiple multiples of tens, seven hundreds, it's unusual traffic at 2:00 AM right? And it's worth checking and keep monitoring that kind of, the sudden behavior. Think of it like in Fitness. Tracker knows your usual heart rate, and so when it spikes without any explanation, it alerts you. And let's go to the next slide here. We talk about the incident response strategy. You need, every organization need a strong incident response plan that works into especially the iot. And so here, let's talk about the different steps here. Let's start with the detection monitor, both digital and physical anomaly anomalies and containment. Don't shut down the whole network segment. It's segment it smartly, and investigation use iot specific forensic tools. Remediation remediate, distribute, clean will, were securely and post incidental learn. From the incidents and share the best practices, what you have learned from the incident, and improve your internal systems and processes and controls. Let's move on to the next slide. Implementation roadmap. You don't need to solve everything at single step or overnight. Start with a maturity assessment. Then follow the steps, eliminate default passwords, increase the password policy change the password policy strengthening the password and do basic segmentation. Build cross-functional teams across security, supply chain and product. Track metrics, live metrics, real time metrics to detect time time to fix them. And let's move on to the next slide. So in previous slides we talked about the implementation roadmap and here. Let's talk about proven results of implementing those security standards and how that roadmap helps you. Organizations that adopt these practices experience fewer breaches, maintain uptime during, detect issues, early and significantly reduced tampering incidents. So these are very helpful. To detect the issues early, vulnerabilities early, and to keep the systems safe and secure. Let's move on to the next slide, the path forward. So we have gone through the issues, real time examples and the roadmaps, best practices, and the proven results. Now let's see the what's next? Manufacturers need to prioritize security, even under pressure to cut costs, right? So the cutting the cost should not compromise the quality or security anymore. Supply chains must become more transparent. Organizations must invest in long term and not cheapest part. And we need better regulations and continuous innovation, especially around lightweight cryptography for Internet of things. And let's move on to the next slide here, securing the connector Future. Let's talk about how iot security is not just a checkbox and it's a commitment. So we need the technical excellence, yes. But also the collaboration and cultural shift. It's, it everyone in the organization should feel that it's their responsibility. It's not just the risk and security teams to secure the organization. It's everyone's responsibility. And being aware of the threats and risks happening in the industry is very much important. We need technical excellence, but also the collaboration, the cultural shift, as I discussed the collaboration with the different teams in the organization is very much important. Let's stop waiting for the next big act to act. Let's build trust into our connected future. And let's move on. And these are. Thank you so much for being here today and I hope this gave you some practical insights and inspiration towards securing the IO OT supply chains and I'm happy to connect and continue the conversation. Please do connect with me on LinkedIn and share your thoughts. Thank you so much.