If there’s one area of technology that still hasn’t fully grasped the scale of cyber security threats facing the world today, it’s the Internet of Things (IoT).
It’s well documented that the number of IoT connected devices is increasing at an exponential rate in industries such as healthcare, agriculture and smart cities – and will continue to do so for the foreseeable future – but securing these devices is still largely an afterthought.
It’s an issue that we hear about on a weekly basis. From vulnerabilities in connected ovens, to flaws in internet-connected cameras and the now-infamous Mirai botnet which caused havoc in the UK, examples of hackers exploiting poor security architectures in IoT devices are everywhere.
For obvious reasons this is a mindset that simply can’t continue and Rik Ferguson, vice president of security research at Trend Micro, has called on device manufacturers to recognise these risks and start putting security front and centre.
“It’s important to recognise that Iot is not the future, IoT is the present. It’s already embedded in many industries,” he said, speaking this week at InfoSecurity Europe 2017.
“The problem is that, by and large, the people responsible for the creation of this continuum of technology care little or nothing about security. Their driver is the creation of the market, how do I get to market first and how do I capture the customers? The people responsible for developing this technology are not thinking about security.”
The responsibility to change this mindset, he said, currently sits with consumers. Businesses and individuals need to start asking questions of manufacturers and driving security requirements rather than just focusing on the functional aspects.
But, Ferguson also warned that there will only be a finite amount of time for consumers to take this opportunity. Once IoT is more deeply integrated into smart cities “you can no longer be responsible because you no longer have control. You’re simply living in an environment created by smart and connected technology, so the choice is being taken away from you.”
What is your biggest cybersecurity concern?
The security industry as a whole also has a responsibility to drive the knowledge and awareness that security needs to be an integral part of IoT but, ultimately, it’s down to manufacturers to change their approach.
“If you’re a company responsible for the creation of these kinds of devices you’ve got to recognise that you can’t do it alone and you need to reach out to the security industry, to experts, to researchers, to partners and realise the importance of security and the fact that there are skillsets out there that can help you build a more secure ecosystem.
“Attacks are already real, this stuff is happening now. It’s our future that we’re talking about and we owe it to ourselves to make sure that future is secure.”
Do you know all about the Internet of Things? Take our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…
View Comments
This applies equally to manufacturers of HW and SW on the internet. If there is to be overall security, Windows. Linux, DNS memory, CPUs, disk etc must undergo change to fit in with any cybersecurity architecture design, the only solution to this problem. I have been banging on about this architecture for a year or more to anyone who will listen but nobody will. That includes senior people who say that there must be a solution a la the one I propose but do nothing even when I contact them with the clear evidence that things are going from bad to worse. It is a clear parallel to Mark Twain's comment: 'Everybody is talking about the weather, nobody is doing anything about it.'
The malware hits at the end of this year will show that current HW/SW and current methods are not up to the job.