Infosec 2017: IoT Manufacturers Have To Recognise Security Risks

IoT, internet of things

Time for device manufacturers to step up and start taking security seriously

If there’s one area of technology that still hasn’t fully grasped the scale of cyber security threats facing the world today, it’s the Internet of Things (IoT).

It’s well documented that the number of IoT connected devices is increasing at an exponential rate in industries such as healthcare, agriculture and smart cities – and will continue to do so for the foreseeable future – but securing these devices is still largely an afterthought.

It’s an issue that we hear about on a weekly basis. From vulnerabilities in connected ovens, to flaws in internet-connected cameras and the now-infamous Mirai botnet which caused havoc in the UK, examples of hackers exploiting poor security architectures in IoT devices are everywhere.

InfoSec 2017

IoT security

For obvious reasons this is a mindset that simply can’t continue and Rik Ferguson, vice president of security research at Trend Micro, has called on device manufacturers to recognise these risks and start putting security front and centre.

“It’s important to recognise that Iot is not the future, IoT is the present. It’s already embedded in many industries,” he said, speaking this week at InfoSecurity Europe 2017.

“The problem is that, by and large, the people responsible for the creation of this continuum of technology care little or nothing about security. Their driver is the creation of the market, how do I get to market first and how do I capture the customers? The people responsible for developing this technology are not thinking about security.”

The responsibility to change this mindset, he said, currently sits with consumers. Businesses and individuals need to start asking questions of manufacturers and driving security requirements rather than just focusing on the functional aspects.

But, Ferguson also warned that there will only be a finite amount of time for consumers to take this opportunity. Once IoT is more deeply integrated into smart cities “you can no longer be responsible because you no longer have control. You’re simply living in an environment created by smart and connected technology, so the choice is being taken away from you.”

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ... Loading ...

The security industry as a whole also has a responsibility to drive the knowledge and awareness that security needs to be an integral part of IoT but, ultimately, it’s down to manufacturers to change their approach.

“If you’re a company responsible for the creation of these kinds of devices you’ve got to recognise that you can’t do it alone and you need to reach out to the security industry, to experts, to researchers, to partners and realise the importance of security and the fact that there are skillsets out there that can help you build a more secure ecosystem.

“Attacks are already real, this stuff is happening now. It’s our future that we’re talking about and we owe it to ourselves to make sure that future is secure.”

Do you know all about the Internet of Things? Take our quiz!