The IoT (Internet of Things) solutions have been accepted by the companies in every industry to a large extent and very rapidly. But this IoT tech does not have even reached its maturity.
This rapid acceptance of IoT technologies by manufacturers and other users led to the non-consideration of the whole security aspect in their strategy.
When you talk about the security aspect of IoT it is not only about the protection of the data but also to consider and address the inherent vulnerabilities of many IoT devices.
Now for example, if someone using a smart speaker or appliance or a wireless security camera with a default username and password or if the device is using a weak protocol for authentication, a hacker or intruder can very easily access and can use it as a gateway to the place.
Whereas, if we see in the case of infusion pumps or any other medical devices, the focus is mainly on the primary function of the device and not even considering a point of the security aspect. The devices in-home or office are often based on inexpensive and lightweight security protection, i.e., not as robust as enterprise security.
Deepak Kumar at 28th USENIX Security Symposium, 2019 represented a large scale analysis on 83 million IoT devices in 16 million homes globally in “All things considered: An Analysis of IoT Devices on Home Networks”.
This analysis showed that some devices such as home appliances, game consoles, surveillance, wearable, Voice assistants and other devices showed serious security concerns. However, some devices also used weak authentication protocols such as weak passwords or default administrative credentials that were not even changed by the users.
The new approach towards the security concerns of the devices should be employed to see the vulnerability. The new laws are being introduced by regional and international governments globally to mitigate these security concerns.
The AI (Artificial Intelligence) and ML (Machine Learning) also enable us to predict any threat.
California has introduced a new SB-327 law which states that manufacturers have to eliminate default passwords from devices.
The United Kingdom has also developed a certification scheme to label the compliant devices with a tag “Secure by Design Standard”, this tag has become a competitive differentiator to better the brand security of manufacturers.
In the IoT space, AI (Artificial Intelligence) and ML (Machine Learning) can help very much in recognising vulnerabilities before they can be exploited.