informa
4 MIN READ
Commentary

The Time Is Now for IoT Security Standards

Industry standards would provide predictable and understandable IoT security frameworks.

The Internet of Things industry's lack of cybersecurity standards is nothing new. We’ve been at this for years. However, with the number of devices expected to surpass 25.4 billion by 2030, and given the recent increase in cyberattacks and threats, it’s clear the situation has risen to crisis levels.

This perfect storm of threats can be extinction-level events for organizations and have detrimental effects on natural resources, economies, governments, and much more. Unfortunately, such threats often begin with unsecured connected devices. Acting as a double-edged sword, connected devices play a crucial role industrywide in day-to-day business operations and solutions, but pose a grave security risk to both enterprises and consumers.

Whose responsibility is it to keep these applications secure? The public sector often points the finger at vendors and brands, but it also has a responsibility to carefully research and choose its vendors and partners. Technology companies, for their part, are responsible for helping to mitigate vulnerabilities and privacy and security flaws. While both the private and public sectors can agree that we must address these issues and create a more secure environment, the solution, however, is where the real challenges lie.

Synchronized Security Standards

There are many reasons why today’s devices and mobile applications are insecure, but they all boil down to one thing: There hasn’t been one set of cybersecurity standards until now. IoT product manufacturers must make it a priority to test and certify their products against these security standards to show their consumers that their product offerings have gone through a security certification process. For innovation to evolve, there’s a critical need to follow a set of global, synchronized security standards that will keep everyone on the same page and bring clarity to the future of IoT security.

Brands and manufacturers can hire the best security leadership, bolster security infrastructure, and even mandate companywide cybersecurity training, but it's simply not enough. An industry standard would provide predictable and understandable frameworks to incorporate security into mobile apps and IoT devices — from inception, to testing and third-party validation before going to market, to end use.

With more unique cybersecurity events happening as major world events occur, the time has come to double down on security efforts. Testing and third-party validation is the way to go, giving peace of mind to organizations, partners, and customers.

Hackers' Affinity for IoT devices

It’s a never-ending game of cat and mouse — as innovation increases and we become ever-more connected, hackers continue to bring their A games. With more connected devices and buildings becoming interoperable, hackers have become more sophisticated, using connected devices to gain access to — and wreak havoc on — critical infrastructure. Both B2B and B2C businesses must prioritize offering customers secured products, and customers should be made aware of such options and processes. Transparency of security processes and availability of secured products is crucial to achieving a more secure world.

Remote Working – It's Not All Fun and Games

The global pandemic summoned the age of remote work. As a result, there's been an uptick in employees using personal smartphones and laptops while logging in to company VPNs to perform their job duties. This presents an increasingly high security risk, but organizations that provide managed devices with a zero-trust model in mind, secured VPNs, and connected devices that have undergone certification and testing will avoid potential security breaches.

Lack of Data-Sharing Across the Industry

Today's data-sharing efforts across the industry are insufficient and shine a light on a critical aspect of today’s cybersecurity challenges: sharing and making use of information. The time has come for the global industry to unite, collaborate, and embrace a set of baseline security requirements. This includes data sharing, to help build a more secure cybersecurity landscape and, therefore, a safer world. This can be achieved through testing and third-party validation of IoT devices, in addition to fostering a community — a global think tank of security thought leaders — that is tenaciously looking to advance the greater security ecosystem through sharing crucial data and engaging in creative brainstorming.

Forming a United Front to Fight Cybercrime

Many in the cybersecurity industry have found themselves at a crossroads: Either continue operating as individual entities, all pining for the same goals, or begin tackling cybercrime head-on as a united front by joining those that have already unified under a harmonized set of security standards.

Further implementing standardized solutions industrywide will not only create additional industry standards, but will also continue to hold companies accountable to those standards. Such security standards and guidelines are centered on compliance, transparency, and visibility. By further cultivating a community in which ideas about security solutions are shared, organizations can be on — or close to — the same page and therefore in a more secure place. Harmonizing standards and solutions brings higher visibility and clarity to the state of security at any given point in time and paints a better picture of what the future holds. Hackers have a harder time keeping up, and, as an added bonus, the industry is able to foster greater transparency with partners and customers.

Editors' Choice
Elizabeth Montalbano, Contributor, Dark Reading
Ericka Chickowski, Contributing Writer, Dark Reading