There will be an estimated 8.6B IoT devices by 2026. With this level of expansion, ensuring proper safeguards in place is critical, to mitigate the risks of any future cyber attacks.
According to the SonicWall Cyber Threat Report, “In March 2020, masses of employees packed their personal office belongings and equipment to work from home for months on end, simultaneously creating an explosion of new attack vectors.”
The United Kingdom was the fourth worst-affected country for ransomware with 8.5M attacks. As workforces moved to their homes, IoT devices became the main target for hackers, with attacks increasing 48% across Europe.
A study by Palo Alto Networks, which surveyed businesses across 14 countries, concluded that 57% of IoT devices are vulnerable to attacks. Many companies are struggling as they try to apply robust IoT security practices. Only one in five of the IT decision-makers surveyed have implemented the best security measures to protect their IoT tech in the workplace.
What’s next for IoT security
The FIDO (Fast IDentity Online) Alliance announced their FIDO Device Onboard protocol that aims to solve IoT security issues, and is targeted at commercial and industrial applications.
“The FIDO Device Onboard standard builds on the Alliance’s ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications,” Andrew Shikiar, executive director and CMO of the FIDO Alliance, stated.
“Businesses recognize the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics, and more. The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments.”
Dave Kleidermacher, who servers as VP for Android security and privacy at Google, also commented: “The work the FIDO Alliance is doing to address phishing by closing security gaps on the web would not be possible without industry collaboration and standardization. It’s a natural fit for the FIDO Alliance to use these same tools to address the threats against IoT infrastructure. As a board member of the FIDO Alliance since its earliest days, Google is proud to have contributed to this new standardization effort to better secure IoT.”
FIDO’s initiative coincides with the UK government’s recent announcement on new cybersecurity legislation aimed primarily at protecting intelligent devices.
Commenting on the development, Joseph Carson, chief security scientist at Thycotic, said: “The new UK law to improve security on smart devices is a welcome step in the right direction, however, it must go further to ensure that it includes security best practices that are part of the solution.
The best practices for IoT device security include strong authentication and secure software updates, which ensure that only authentic code can be installed on the device.
Striking a balance to ensure IoT devices continue to deliver the advantages they offer to businesses and consumers alike is essential, especially in using them within a secure environment. Stringent standards must be set in place to ensure clear guidance when security is being considered for each new IoT device, to prevent any threats or compromise.