With an estimated 75 billion connected devices being deployed by 2025, the potential attack surface for cybercriminals grows. This threat is amounting to around 5,400 attacks per month on average against IoT devices, according to Symantec research.
Many point to vulnerabilities in poor security on home thermostats, or even implantable medical devices. But the responsibility for preventing or minimizing cyberthreats goes beyond identifying a vulnerability and providing a patch.
In 2017, Arm CEO Simon Segars called for companies to sign up to a digital social contract that obliges them to protect users. Since then, the electronics design ecosystem has joined hands to work relentlessly to ensure, through new management systems, that all devices have the most up-to-date security at any given point.
One key to this is a grassroots approach that builds on universal secure design methodology is PSA Certified. It provides a security baseline for connected devices, and provides independent assessment by leading test labs. The methodology has been embraced by global industry players who use the freely available resources to mitigate some of the overhead costs associated with implementing a security baseline in their devices.
The second key to the security journey is to ensure comprehensive IoT device management to protect connected devices throughout their lifecycle. This includes securely provisioning the device once it’s turned on in the field, managing the updates over the air and securing the communication between the device and the data store.
We stand at a crossroads. In one direction lie more of the same confounding, costly cat-and-mouse games of rapid technical progress followed by breach and patch, which hinders innovation. In the other direction lies a new way illuminated by a series of common beliefs and a shared dedication to ensure a secure and prosperous world.