A Perfectly Connected World
The Internet of Things is going to see more and more “things” connected to it, and with the way tech is progressing, these newly-connected things are going to be items we never would have imagined “connecting” to before. Today, our lights, door locks and even frying pans are connected to the internet but this is really only the beginning. Sometime in the not so distant future, entire cities are going to be internet-connected. Everything from our cars to mirrors in store dressing rooms to garbage cans will become more efficient and more convenient, all by virtue of the fact that they will be connected to the internet.
IoT Security Concerns
The convenience delivered by the connected devices is certainly unmatched, but concerns surrounding security breaches will also increase as the usage of of smart devices increases. A sole breach of an improperly-secured device could have catastrophic results. The Mirai Botnet attack last November that took down half the internet of the East Coast on the US hopefully proved once and for all that the security of tiny IoT devices matters a whole lot.
As it stands now, manufacturers don’t all that pay much attention to the security aspect of IoT; their main goal is simply to push their products to market. With the severe consequences from breaches that will inevitably result, such as revenue loss and consumer backlash, security will be pushed higher on the priority list. As a result, manufacturers will be forced to deal with the complex task of integrating real authentication and data protection into their devices, while keeping the price and complexity as low as possible.
Who is Responsible for Security?
So far, we have established the fact that there is an ever-growing need for securing IoT devices, but the question still remains: who will take responsibility of the security of IoT devices, let alone deploying and managing them? You may expect manufacturers to be solely responsible for the security of their products, but that’s far from the case.
Think about it – computers and laptops aren’t shipped with pre-installed anti-virus software and strong passwords aren’t built-in. True, it’s the developer’s responsibility to ensure that the product is more or less stable, but the story doesn’t end there; It’s the end user’s responsibility to ensure that he or she is installing the proper security suite, using strong passwords and staying away from sketchy websites. As of now, it’s unclear who will be responsible for IoT security, but ultimately, at least a portion will probably rest in the consumer’s hands.
Encouragingly, some recent trend tells us that developer are now shifting their attention towards device security. 2016 saw an increased emphasis on security in products like sensors, door locks and other IoT-connected devices. Developers have quickly acted upon the realization that products that lack built-in security need to be redesigned and that security-related updates should be sent to devices wherever possible.
According to Andrew Newman, CEO of Reason Core Security, “As the digital attack surface continues to expand, thanks to the explosion of internet-connected devices, it’s easier than ever to lose sight of what’s running on our networks. The scary part is that these devices aren’t being developed with security in mind, which leaves lots of room for vulnerabilities. Attackers are fully aware of this reality and scan networks for vulnerable device connections.” Newman added, “When it comes to IoT, the onus of security is likely going to fall on the consumer at least to some degree and therefore increase awareness and visibility is key to staying secure.”
Security tools like theIoT Scanner review network settings and IoT connection to find those vulnerabilities. When and if any are located, the user is alerted and provided with the steps to remediate any weaknesses. It’s tools like this that are going to help make the Internet of Thing not only convenient but also secure.”
It would be great if the IoT industry would take charge to educate people about securing their smart devices similar to how the PC industry has been creating security awareness among its users. But until this is the case, it’s going to be up to the end-user to ensure their own security.