Should IoT security be an afterthought?

The internet of things (IoT) landscape is one of continuous expansion. According to research and advisory company, Gartner, the number of connected things will reach 20.4 billion by 2020.

Smart lightbulbs, virtual assistants, driverless cars- the growing number of IoT devices are revolutionizing both business and home.

From something as simple as ordering a pizza through your smart speaker to facilitating cities in meeting the challenges of rapid urbanization; both the economic and social opportunities of the IoT ecosystem are unlimited.

But as the number of connected devices continues to rise, as do the questions and concerns surrounding security vulnerability in the IoT infrastructure.

It seems that along with the scale and pace of IoT adoption comes new security challenges.

Consumer association site Which? identified concerning security vulnerabilities in connected IoT toys that would enable a stranger to talk to a child.

Furthermore, the advent of botnets such as Mirai has presented the large-scale impact of insecure connected devices. The large distributed denial of service (DDoS) attack left much of the internet inaccessible on the U.S. East Coast in 2016.

Compromised security of IoT devices can have major consequences. This includes monetary loss, confidentiality leaks, and the possibility of potential health record tampering.

But a comprised IoT ecosystem can cause much more damage than a dent to your budget. One breach has the potential to be life-threatening; an autonomous vehicle could cause a fatal accident, or a health wearable could stop providing life-sustaining aid.

Such stories have led to companies feeling uncertain about whether the devices connected to their networks are secure.

According to a survey of over 500 executives by Forbes Insights, of respondents, 39 percent said IoT programs at their companies have been delayed due to security concerns.

The ever-increasing number of attacks raises the question as to whether the security factor is a mere afterthought in the design process of IoT devices.

According to one study by information technology company HP, up to 70 percent of IoT devices are exposed to attacks due to vulnerability flaws in their software- many using encrypted software to transmit information.

Does more need to be done to address this growing problem?

It does seem like there is some progress being made to address the security concern of IoT devices and ensuring that security by design should take priority.

In March this year, the UK Government released a policy paper outlining proposed requirements for manufacturers of IoT devices.

The paper detailed certain actions that should be taken to better protect IoT devices from the growing landscape of security threats. Among the actions suggested in the draft code of practice were:

• No default passwords.
• All companies providing IoT devices and services must have a public point of contact for reporting issues.
• Companies must keep all IoT software updated
• Personal data should be processed in accordance with applicable data protection laws.

In August last year, the US also introduced legislation that would establish minimum cybersecurity standards for IoT devices. In short, the bill directs government agencies to include certain clauses in their contracts that demand security features for any internet-connected device they will be acquired by the US government.

While Government laws and regulations concerning the security of IoT ecosystem is much needed to address the problem, responsibility also lies with the businesses who adopt the devices.

Among many things, this includes the need for end-to-end encryption of devices, two-factor authentication, company policies regarding IoT devices, and the continuous monitoring of the health of IoT devices.