Subscribe to Email Updates

Subscribe

rsz_mr_t_2.jpg

We need IoT security standards, and we need them now!

By Luana Pascu on Nov 17, 2016 | 0 Comments

Could IoT be missing the mark? To get real value out of this technology, companies and even governments have to come up with standards and a coherent plan to let smart devices improve our lives as they are meant to. Right now, the industry is acting irresponsibly by only focusing on user experience to steal a march upon their competitors.

Recent distributed denial-of-service attacks launched by half a million connected devices-turned-botnets have raised a red flag for the industry and some lawmakers. The smart devices were infected with Mirai malware, which allowed hackers to control them from anywhere in the world. Dyn’s DNS was unresponsive, as were the websites of major companies such as Twitter and Amazon.

The industry needs a more forward-thinking approach and stronger encryption. The importance of establishing some basic universal cybersecurity regulations can no longer be ignored, especially since smart device ownership per family in, for example, Germany, has reached 15 and is rising, Bitdefender CEO Florin Talpes explained in a panel talk about cybersecurity at WebSummit last week.

“The attack does reveal a new level of vulnerability, and I’m trying to make it clear ... that this is not a problem that the government ought to be the first actor in solving,” Sen. Mark Warner (D-Va.) said when asked about the IoT botnets in an interview for ComputerWorld. “IoT ought to be an area where industry collaborates and if they can set standards first, that’s good.”

What raises concerns is that companies have been too focused on user experience and not enough on robust security. But, luckily, some countries are working on improving cybersecurity. Having one of highest percentages of STEM graduates, Romania has become a true tech hub, strengthening the position of Eastern Europe as the strongest cybersecurity pool in the world.

Iot devices are digital doors for hackers to enter our lives, but not all connected devices, such as DVRs, allow the installation of security agents.

“Poor security means devices that are not password-protected but are communicating with the internet and storing Wi-Fi credentials. It’s like opening your door and inviting everyone to see your house without you knowing it,” clarified Talpes. “There are even websites that offer free visits in different houses whose cameras have no protection set. Your life could be exposed at any time because it’s legal for video streaming to be shared publicly.”

Security experts worry that users are not properly educated to protect themselves from hackers, and they keep repeating the same mistakes – weak passwords that they reuse, not changing factory settings on devices and not updating software. But neither are they educated to demand better security in the products they buy.  

Cloud service providers need to be prepared to safeguard the data of their customers by building layers of security. By collecting and analyzing data, significant progress can be made in predicting failures.

Although users carry great responsibility, let’s not forget that manufacturers and lawmakers need to step in because “the move to the cloud is part of the transformation we see today, so you can’t avoid it,” believes Talpes. With all the attack data flowing around, a great step forward would be for the high-tech industry to adopt communication, privacy and security standards, as this is a “giant weakness for development today.” Even though there are some isolated projects in this area, they are not properly linked. 

    • continuous sec
Share This Post On

Author: Luana Pascu

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.