The IoT (which also stands for the “Internet of Things”) is
a term that is used to describe both the interconnection and the interaction of
the daily objects that we interact with both in the virtual and physical
worlds.
Some of the best examples of this are virtual personal
assistants of both Siri and Cortana, which can be found on both iOS and Android
devices. But of course, there are also
more sophisticated IoT devices than that, such as a smart TV, smart car, smart
coffee maker, etc.
While these products may have their set of advantages to an
end user, they also come with their own share of Cybersecurity risks as
well. For example, with all of the
interconnectivity that is occurring, the attack surface for the Cyberattacker
grows by that much more.
And unfortunately, many of these wireless communications
that take place are often unencrypted.
Worst yet, the vendors that manufacture these IoT devices don’t even
build in strong security functionalities.
At best, they may offer a set of minimal controls, which is
nothing much really, in the end. The
concept of IoT has been around for quite some time, but as I mentioned in
yesterday’s blog, the adoption of this did not proliferate until the COVID-19
pandemic occurred.
But the biggest problem here was that of the meshing of both
the home and corporate networks. Even to
this day, the growth of IoT devices is going up at an exponential clip.
For instance, at the present time, there are more than 1
billion devices that have found their way onto the Internet. In other words, this what it is on a global
basis, and there will be many more to come.
Much more statistics and details on this rate of adoption can be seen at
the link below:
https://techjury.net/blog/how-many-iot-devices-are-there/
But now it comes back to this question: Why can’t the IT Vendors offer more security
into the IoT products that they manufacture??
One of the key reasons here is sheer cost. IoT vendors are pushed to come out with
products at a breakneck speed in order to fulfill the escalating demand for
them.
As a result, putting in more security controls simply
becomes an added expense, which they unfortunately view as unneeded.
But this can only go so far.
There are other industries which make heavy use of IoT devices as
well. The healthcare industry is a prime
example of this. Gone are the days of
having “analog” like equipment, now everything is all digitized and even IoT
based.
Because of this, a Cyberattacker can easily hack into a
medical device, change the settings around of a pacemaker that exists in
patient. From here, either the heart
will start to flutter out of control, and perhaps even causing death to the patient.
So as you can see, security devices for IoT devices really
needs to be taken quite seriously. It’s
one thing if a Cyberattacker were to jack into your smart coffee maker, but a
medical device? That is a whole
different ballgame altogether, with horrible consequences all together.
Now you might be asking, “What exactly are these costs that
the vendors don’t want to think about”?
Well, here is a sampling of them:
1)
Trained personnel are needed:
If one expects an IoT vendor to add
in the latest security controls, it all comes down to hiring the staff needed
to design them, and to make sure that they are implemented properly, and that
will be safe to the end user. But hiring
these kinds of people takes more money, something which no IoT vendor wants to
do.
2)
More costs into the product:
If more security controls are going
to be implemented, that is going to drive up the costs of the hardware and
software of the IoT device. But this can
be transferred down to the customer, and it does happen in reality, they will
simply go to a lower cost competitor.
Because of this, the IoT vendor could even be pushed out of business,
which they don’t want to happen.
3)
Connecting the IoT devices:
Pretty much all IoT devices now
connect with each other through wireless networks. Now if you have just one or two devices, the
costs of connection should not be that much.
But now if you something like a Smart Home, the costs can really go up
per wireless connection.
4)
The User Interface/User Experience:
The acronyms for both of these
respectively are “UI” and “UX”. In order
for an IoT to remain competitive, they need to have a fancy interface that is
unlike what anybody else. But once
again, this involves hiring a team of developers that can accomplish this
task. But once again, this is going to
cost more money. Thus, in order to keep
up, IoT vendors just have to have build a somewhat better mousetrap from their
competitors, which is far cheaper than hiring a UI/UX developer.
My Thoughts On This:
Obviously, this is a catch 22. The vendors and the customers don’t want to
have higher costs, but unfortunately, it is going to have to go up if higher
levels of security are going to be realized.
In fact, there have been some pieces of legislation to put pressure on
the IoT vendors in this regard. In fact,
California passed an IoT law to this effect, and more information on it cab
found at the link below:
https://www.security.org/blog/california-passes-first-cybersecurity-law-iot/
Also, the FDA is also now starting to crack down on
Cybersecurity for medical devices that are IoT based. Bu whatever maybe passed and/or enacted,
security must be addressed soon into IoT products. It would be easy to say that IoT devices
should no longer exist, but this will never happen.
There have been some recommended best practices that IoT
vendors should follow, such as:
*Using a Cloud based platform (such as Microsoft Azure) to
push out software updates and patches at no extra cost to the consumer;
*Even having independent third party entities provide an
honest, unbiased assessment of the IoT device in question from the standpoint
of Cybersecurity.
Now these two items should not cost much money, and it is
something that IoT vendors can adopt rather quickly. But to somebody who wants to buy an IoT
device or two right now, do your homework first. And when you buy a
device, don’t ever rely upon the default security settings set forth by the IoT
vendor. Make sure that you configure it
to your own security requirements!!!
No comments:
Post a Comment