InfoSec 2016: IoT Security Needs A Serious Shake-Up, Says Sophos


Sophos researcher tells us why flaws in the toys of today could cause major security worries in the future

The explosion of connected Internet of Things (IoT) devices could actually be raising the risk of serious security risks for businesses and consumers alike, it has been warned.

Speaking to TechWeekEurope at the recent InfoSecurity Europe 2016 event in London, James Lyne, global head of security research at Sophos, said that lives could potentially be put at risk in the future if proper guidelines for IoT products are not enforced.

“Some of the new trends are astounding – they’re innovative, they’re clever, I think they could snare a lot of people in the actual IT security business,” he told us.


Lyne explained how Sophos investigated the security of a wide range of IoT products, but worryingly, found that the security of many devices is seriously lacking.

“IoT security has been compressed down to this one topic, but within that is the serious, obvious scenarios that affect life and limb…and a wealth of things that are considered toys, which have security that is so backwards, it’s like PC security for 8 or 9 years ago,” he told us.

“Looking at these horrifying flaw – which we found in volume – shouldn’t we as an industry improve the security of these toys whilst they’re still toys, and before they have life and limb impact or before they’re in the networks of small businesses?”

“There is a real case for systematic improvement within the industry of IoT producers, and it’s an area we need to watch closely.

“The market is ultimately shaped by consumer decisions, and right now, most of these devices are bought for their functionality, but people don’t give a lot of thought to the fact that it’s a computer, as well as the type of data being held there, and the level of security – I don’t think it’s a criteria yet, but it needs to be.”

Check out the rest of the interview with James here: