Security and Trust Issues in IoT

Cyberattacks seem to have been a staple of the headlines of recent weeks with ever more ambitious infiltrations and eye wateringly huge demands unfolding. One of the consequences of COVID-19 and the change it has brought to working practices is a huge increase in security threats. A survey on behalf of Atlas VPN indicated that nearly 80% of businesses worldwide have reported increased breaches as “Work from Home” policies became the new norm.

So huge is the impact of ransomware that Mandiant, experienced leaders in resolving issues caused by attacks, can no longer cope with demand for their services. In a recent interview for NBC News, their CTO revealed they were being swamped with cries for help and could barely keep up.

Security has always been an issue but, for many enterprises, it has not always been a priority. However, with the past decade showing an increase in malware attacks of nearly 6500% things have got to change.

Security in the Internet of Things

The IoT is forecasted to begin a stellar expansion in the coming few years, so cannot possibly continue to exist without reliable end-to-end security measures being put in place. The diversity of the IoT market requires a flexible security framework and light touch regulation that guarantees the security of the market while encouraging growth and successful development of the IoT. The mobile industry has extensive expertise in providing secure, reliable solutions, and is best placed to shape and carry out an appropriate security framework that meets these requirements.

Why then, has it proven such an impossible task to secure the IoT when it would seem fairly fundamental to its functioning? Until recently, legislation about device security has been patchy geographically, with laws introduced in the UK and in specific US states (e.g. California) but legislation will continue to be enforced and compliance will become more of an issue for enterprises. 

In addition the IoT brings its own peculiar challenges. IoT devices are infinitely varied, with many being small and of limited memory. These simple devices are incapable of the complex processing needed to support cryptographic functionality and in many cases their operating systems can not be updated to cope with new threats. Being relatively unsophisticated and often in vulnerable locations, IoT devices make easy targets for tampering.

There can be no ‘business as usual’ for cybersecurity anymore, the new normal will be about being cyber risk-aware at all times. Companies have to take responsibility to embed security from the beginning, at every stage of the IoT value chain, to enable a secure and trusted market that all stakeholders can rely on. They need to build trust, take measures to protect their customers, and respond to emerging requirements with a unified and collaborative approach.

Trust will become the very tenet that the IoT is founded on. Not only at an enterprise-customer level, but between devices in any network as well – but just how can we unify billions of devices and harness them to work in harmony if we should trust no one?

IoT – Secure By Design?

Pod Group’s CTO Networks, Alistair Elliott and a panel of industry experts explore how to build trust in a digital age and what best practices should be implemented in this MEF CONNECTS Cyber Security webinar chaired by IoT Advisor Andrew Parkin-White.