Safer Internet Day: Why security by design is a priority for the IoT

Last updated: 10 November 2022

If you tried to list all the internet-connected devices that you use on a daily basis, you’d end up with a very long list. The intertwined network of connected devices continues to grow at a rapid pace. These connected devices can make our everyday lives easier – whether it’s checking on the security of our homes from afar, setting ourselves important reminders via a virtual assistant, or staying connected with friends and family during the pandemic.

However, this increased connectivity does come with its challenges. The increase in devices and interconnectivity provides more opportunity for hackers and other bad actors to take advantage; something that we’ve unfortunately seen increase during the pandemic. These hackers are capitalising on the fact that many of these devices have become integral to our everyday life.  

As today is Safer Internet Day, we wanted to take the opportunity to look at the efforts being made to secure these devices.  

The importance of security by design 

Cyber attacks no longer take us by surprise; unfortunately, they have become all too commonplace, which is what makes cybersecurity by design so important.

Cybersecurity by design is like when an architect draws up plans for a building. The main security features are there from the outset. Requirements may vary – a military base would need more alarms and authentication measures than a residential property – or change over time, but the aim is the same: protection in line with the level of perceived risk.  

The same principle should apply to devices, and IoT security should be built in right at the design stage. One compromised device not only compromises the data and safety of that one device – but increases the risk for every other device connected to that network. With the lines between personal and professional data blurred even more thanks to the pandemic and hybrid working measures, this could be a recipe for disaster.

Rather than tackling problems retrospectively, which often turns out to be very costly, cyber security experts are now building in more protection from the start of the product life cycle. While you can never guarantee zero risk in the digital world, risk analysis is essential, and integrating security from the start is a must-have. Otherwise, major problems can arise. In the event of an attack, security measures that were not incorporated at an early stage can end up costing 10 or 15 times more, not to mention the reputational damage that such failures can cause. 

Taking action  

We’re starting to see governments taking action in securing internet-connected devices. In the UK it was recently announced that Members of Parliament will debate a new world-leading law to keep consumers’ phones, tablets, alarm systems, fitness trackers and other devices secure from cybercriminals.

This game-changing law will place new cyber security requirements on the manufacturers and sellers of consumer tech that connects to the internet. This bill will also ban easy-to-guess default passwords – often the first port of call for cybercriminals.

The EU has also taken action, publishing a new set of guidelines that place responsibility for device safety with the manufacturers. The aim of this legislation is to ensure that wireless devices such as toys, mobile devices, tablets and fitness trackers are safe for sale. The new set of rules also aims to protect users’ personal data.

Similar initiatives to improve device security and internet security on wireless networks are in place in the US, which also aim to create a more secure foundation for smart cities, connected cars, and other IoT applications.

Manufacturers will also have to be more transparent to customers about the length of time connectable products will receive security updates and create a better public reporting system for vulnerabilities found in them. 

Just as a car has to be deemed road-worthy, or a boiler has to pass a certification, the same should apply to IoT devices. We’ll be keeping a close eye on these regulatory initiatives as they progress, and hope they signal a new era of IoT security and internet safety.
