Tuesday, 18th June 2019
Logo

Regulation is the only way to control the IoT cyber-security threat

Without regulation, the IoT security threat will continue to grow in 2019.

The Internet of Things (IoT) will be the source of more data breaches, as we see mass adoption and rapid growth in the number of connected devices, both in consumer products and the Industrial Internet of Things (IIoT). This is according to business continuity and disaster recovery firm, Databarracks.

The scale of vulnerability of IoT was recently highlighted by Trend Micro, which found flaws in two of the most popular IoT protocols with hundreds of thousands of exposed public-facing IPs uncovered by the study. Additionally, recent researchby Databarracks found that 57 per cent of organisations are concerned about the security of IoT.

The government has been proactive in addressing IoT security risks publishing the Secure by Design report in March of 2018 and introducing a Code of Practice for consumer IoT security. Peter Groucutt, managing director of Databarracks, argues that while the introduction of a Code of Practice is a positive step, it is not enough to sufficiently address the issue of IoT security:

“The content, guidelines and recommendations in the Code of Practice are excellent. It addresses the most fundamental cyber security practices in order of criticality and importance. But the scheme doesn’t prohibit non-compliance. We should take inspiration from countries such as the US and Thailand in seeking to make these requirements legally enforceable.

“Expert estimates vary in total quantity, but agree we’re now seeing sharp, hockey-stick growth in the number of connected devices. A lack of diligence and care now will lead to trouble later.

“Our lack of regulation means we see instances as serious as insecure children’s smartwatches. The Code of Practice will be adhered to by the diligent parties in the IoT supply chain, but it won’t prevent less committed companies favouring profit over security and pushing insecure products to market. The same company that produced these smartwatches was also found to be making insecure video baby monitors earlier this year.”

Groucutt continues, “We often talk about digitalisation and digital transformation in business. From banking to healthcare, more of our lives are digital and online. There is a real difference between the relationship we used to have with technology and the world of IoT. As users, we were more involved with our desktop computer, installing antivirus software and making decisions about how we use it. With IoT devices, we are far less involved, we have less control over settings and we have many more devices to manage. Changes must be made to make the makers of these devices more responsible.

“The Code of Practice is currently only for consumer devices such as health trackers, smart home assistants and children’s toys and monitors. We recommend extending this reach.

“IoT devices aren’t just found in the consumer world. They are used on corporate networks which are only as strong as their weakest links. For example, earlier this year it was revealed that a casino was hacked via a thermometer in a fish tank. We advocate making the Code legally enforceable which is thankfully something the government is already considering and is an approach supported by several cyber experts.

“There is the argument that government interference might limit the UK’s ability to compete with other less regulated markets. But device security is now so fundamental that better regulation could be a competitive advantage and differentiation point for our manufacturers, service providers, developers and retailers.” concludes Groucutt.

New threat intelligence from F5 Labs shows that Europe suffers more attacks from within its borders...
A new survey by Cybera, the leader in SD-WAN Edge application and security services, has found that...
CloudGuard Log.ic provides threat protection and context-rich security intelligence in the public cl...
eSentire has released its Q1 2019 Quarterly Threat Report which reveals that 8% of externally-facing...
UK large enterprises use the most security tools although 1 in 5 in the DACH region plan to increase...
Financing to drive further global expansion in the $12.7 billion cloud security market.
As C-level executives engage more frequently in incident response and threat hunting, more IT profes...
Imperva will integrate the Distil Networks’ solution into the Imperva security stack to deliver comp...