Despite the internet of things (IoT) market being forecast to reach $1.5 trillion by 2027, device security is still being neglected, according to Phil Attfield, CEO of Sequitur Labs.
This IoT growth is driven by increased adoption of smart sensors integrated into connected devices and is forecast to triple to more than 75 billion devices over the next few years. With this growth, there will be a corresponding increase in the number of issues and vulnerabilities that cybercriminals can exploit.
The devices are being made and sold by some of the largest technology companies in the world, into the manufacturing, retail, government, healthcare, consumer, transportation, IT and telecom markets. While IoT devices have the opportunity to revolutionize the way people work, live and play, insufficient implementation of embedded security has the potential to derail these benefits.
Phil Attfield commented, “Security is a critical element of IoT deployment, yet it is often neglected in the development process. IoT manufacturers need to come up with security practices to protect both proprietary edge device IP and customer data/privacy. Lack of IoT device security exposes customers to the danger of a breach that can lead to IP theft, damage to a company’s brand, and loss of customer trust. With trillions of dollars on the line, there is an immediate need to secure devices across their entire lifecycle to help overcome complex cybersecurity challenges.”
“If manufacturers do not implement IoT device security practices, the government will likely step in to regulate this area as part of their consumer protection policies,” said Attfield.
Sequitur Labs backs up the concerns with findings of a Forrester Consulting report on the state of enterprise IoT security in North America, which indicates it is unmanaged and unsecured. The key highlights are:
- 84 percent of security professionals believe IoT devices are more vulnerable than computers
- Two-thirds of enterprises have already experienced an IoT security incident
- Only 16 percent of enterprise security managers say they have adequate visibility of IoT devices in their environments.
One approach to security is through security platforms such as that provided by the company’s EmSpark security suite. This uses the Arm TrustZone architecture to create a safe and secure environment for critical device data and applications, supporting security functions for encryption, storage, data transmission and key/certificate management. IoT hardware manufacturers can use this software suite to implement device-level security and address technical, intellectual property (IP), supply chain and business process challenges. Developers can build applications with secure resources without having to become experts in cryptography and complex chip-level security technologies.
The EmSpark security suite is available for Microchip, NXP Semiconductors, STMicroelectronics, Nvidia, and Arrow Shield96 devices.
- Project Explores Trustworthy Design & Verification Flow for IoT Security
- Building a path through the IoT security maze
- Basics of SRAM PUF and how to deploy it for IoT security
- The search for a universal IoT security standard
- Thread protocol simplifies IoT security
- Evaluating an IoT security model against industry baselines
- An introduction to confidential edge computing for IoT security