With the boom in the number of smart devices, the deployment of 5G, and the escalation of remote work, our ultradigitized environment creates many opportunities for cybercrime, forcing IoT manufacturers to make security a priority.
Risks and challenges
If there is one certainty, it is that cybercrime attacks will intensify and that no one and no sector is isolated from risk. Public bodies, datacenters, and the health, transportation, and energy industries are all preferred targets. That said, the increase in infected video surveillance cameras between 2020 and 2021 (+19%) demonstrates the scale of the phenomenon. The list is long, from the December 2021 detection of the LoG4j breach affecting millions of Java app users around the world to the Mirai botnet infamous for its denial of service (DDoS) attacks using smart devices. Without a doubt, we’re witnessing a relentless race between hackers and manufacturers, making SaaS (software as a service) options central to security systems. With their toolkits for faster scalability and greater responsiveness, they provide a framework of safeguards, where common rules struggle to be established…
1.5 billion attacks in the 1st half of 2021, according to Kaspersky
Standards in progress
The first step was taken in 2020 with the creation of standard EN303645, incorporating 13 provisions for the cybersecurity of connected objects for the general public. Since then, the diversity of proprietary standards in practice has made it difficult to secure systems while ensuring their compatibility. Without international—or at least European—standardization and despite real progress like the GDPR or the new European cybersecurity certification framework, security issues will comprise a collective, multifaceted endeavor destined to perpetually remain a “work in progress.” For manufacturers, however, publications from the GSM Association, the Industrial Internet Consortium, and the IoT Security Foundation provide welcome tools and checklists. As for consumers, they can expect to see a “secure smart device” label soon on their favorite devices.
First of all, the implementation of security must be taken into account early in the design of your product. “Secure by design” methodology, recognized by specialists, allows you to calibrate and implement the key measures of your device (memory with physical protections, cryptographic accelerators, updates, dynamic tests, access levels, authentication, and more). It should also be understood that security requires ongoing attention. What is protected right now may no longer be secure tomorrow, which is why updates are so important. Finally, regular audits ensure that your solutions remain up to date.
Remember that safety is everyone’s business, from the manufacturer to the service provider to the end user. Strengthening your relationship with all your sector’s stakeholders will allow you to provide faster, better coordinated, and more effective responses.