'IoT security needs to stop being an afterthought'

The Internet Society is urging vendors to take more responsibility for IoT security issues
Author:
Publish date:
Social count:
0
1-iot-products-blue-white-web.jpg

The Internet Society (ISOC) has released a whitepaper discussing the issues and challenges of IoT, which urges vendors to take more responsibility for the security issues that can occur.

While the report identifies that vendors and users of IoT devices and systems both have a collective obligation to ensure they do not expose users and the internet itself to potential harm, the ISOC explained: “As a matter of principle, developers of smart objects for the Internet of Things have an obligation in ensuring that those devices do not expose either their own users or others to potential harm.

Duncan Brown, research director, European Security Pratice, IDC, recently told PCR: “Most consumer-focused products are being developed quickly and rushed into market without much consideration for security. This is an attribute of an early stage market, and security is currently an afterthought.”

The ISOC believes that in economic terms, the lack of security for IoT products can result in a negative externally, with the cost imposed by one party on the other.

The ISOC noted that one example of this is pollution of the environment: “The issue is that the cost of the externality imposed on others is not normally factored into the decision-making process, unless, as is the case with pollution, a tax is imposed on the polluter to convince him to lower the amount of pollution.

In the case of information security, an externality arises when the vendor creating the product does not bear the costs caused by any insecurity; in this case, liability law can influence vendors to account for the externality and develop more security products.”

While these considerations might not be new for the IT and tech industry, the scale of the challenges that can arise in IoT implementations make them more significant.

“The general sense is that as the advent of IoT, smart homes and wearables gathers pace, security will be an afterthought,” BullGuard’s security expert Steve Bell told PCR.

“Even then it will only be taken seriously following a high profile breach – such as a smart home being burgled via a remotely controlled fridge or heating system.

"We hope the industry will prove us wrong.”

Find out the 10 ways IoT will change the IT industry here.

Image source: Shutterstock

Related