The Internet Society (ISOC) has published a detailed report that highlights the “pressing need” for IoT security. According to the organization, connected devices add enormous complexity to an already complex security environment. Consequently, there is an increased potential for real-world cyber threats to damage physical assets and even harm human life.
“We are adopting IoT faster than we can secure it,” the authors of the report explain.
“This rush is accelerated by the increasing number of new entrants and the push to quickly release Internet-connected devices produced without prioritizing security. The Mirai attack of 2016 starkly shows the effect plug-and-play and remotely-managed IoT devices can have on the broader Internet.”
According to the ISOC, many connected devices currently on the market are equipped with only limited, built-in security measures that won’t be updated.
“[The] explosion in the number of connected devices — in transportation, wearables, health, smart homes and alarm systems —alters the cyber threat landscape in unprecedented ways,” the report continues. “All stakeholders, from users to manufacturers to governments, will need to be more security aware and work together towards a more comprehensive and resilient security environment.”
A sustainable and effective long-term solution, says the ISOC, will require ongoing collaboration, along with a commitment by manufacturers and service providers to incorporate privacy and security in their design processes – from initial conception to long-term support and updates.
“We need to address IoT-related security issues before we can realize the full benefits of the Internet economy,” the report emphasizes.
As we’ve previously discussed on Rambus Press, IoT devices, as well as the data they generate, must be protected against a wide range of cyber threats. Indeed, vulnerable endpoints can be hijacked and even physically disabled, while unencrypted or unverified data transmissions can be intercepted, leaked or spoofed. A leak or deliberate falsification of sensitive customer data will inevitably damage a brand and decrease consumer confidence in IoT devices.
Despite the real-world risks, service providers and OEMs are understandably concerned that implementation of a comprehensive IoT security solution could potentially incur additional costs and delay time to market. As such, the most effective IoT security solution is one that does not negatively impact profitability or time to market. Put simply, a practical and secure solution that can be easily and widely adopted by service providers is far more effective than a ‘super solution’ with only limited adoption.
