The IoT security challenge is a popular topic in recent years - many articles have covered the reasons for the challenge and have extensively discussed its possible implications. What has not been well discussed is a surprising fact – while the cyber-attack landscape for embedded devices is growing dramatically, the level of effort required to carry out a successful attack is decreasing.
These two effects will probably lead to more and more devices being attacked while deployed in the wild unless security is implemented in the near future and in a scalable manner that will provide security coverage, against existing and emerging threats, for every device. For a truly effective security implementation, security must be designed into the product, not added post-deployment by the user.
Lack of security slows IoT growth and weakens trust
Enterprise users are rightfully concerned as the financial motivation for attacking connected devices is constantly growing. While the cost of crafting an attack vector is pretty low, there is a huge potential gain from a successful attack. It is probably only a matter of time before attackers initiate additional widespread and large-scale campaigns targeting IoT devices such as the infamous Mirai and VPNFilter that took advantage of devices with minimal or no security.
Businesses deploying IoT devices understand the impact of cyberattacks to their business continuity and reputation, therefore shifting from insecure to secure devices in order to stay one step ahead of the attackers. For that reason, vendors are advised to enhance the security state of their devices – plenty of research shows that investing in security in the short term will lead to higher adoption in the long term.