The Internet of Things (IoT) and digital transformation surrounds us from the moment we get out of bed to the second we go to sleep
Before the coronavirus pandemic, many of us had embraced these connected technologies but few of us depended on them. However, when they were the only way to stay connected to our colleagues, customers, healthcare professionals, and loved ones they became a vital component in our lives.
While this rapid digital transformation, spurred on by the pandemic, offers many benefits to consumers, it also puts their data at risk. Due to the growing likelihood of IoT attacks, it’s no surprise that the buyers of connected products are increasingly aware of potential risks when it comes to protecting their data. 70% of technology decision-makers surveyed for the PSA Certified Security Report 2022 said their customers were actively choosing to buy connected devices that follow security best practice.
But it’s still not always clear to consumers what best practice is, and how they look for it. To truly build understanding and trust in the IoT, connected device manufacturers must come together and create an understandable, common language around IoT security, to help address new regulations and protect consumer devices from vulnerabilities.
Who is responsible for device security?
Consumers may want peace of mind but who is responsible for providing it? Research highlights a common problem – people think a product is secure because it is on sale. 72% of respondents to the Consumer Internet of Things Security Labelling Survey said they assume security has been built in ‘when the product comes to market’.
Unfortunately, there are many high-profile examples, such as the collectively dubbed Access:7 vulnerabilities, that demonstrate this is not always the case. This can often mean buyers are relying on manufacturers and retailers, which leads to trust being eroded if they are subsequently the victim of a cyberattack.
To combat this, the industry must get better at communicating with customers about security in a way that is easy to understand.
83% of PSA Certified survey respondents said they look for specific security credentials when buying IoT devices for themselves, and almost as many (76%) do so when they are buying for their company. However, despite trying to be proactive with security credentials, more than two-thirds admit they do not know what they are truly looking for.
Collective action and a common language is required
Security can feel complex, particularly if companies do not have access to dedicated security specialists. In many regions, governments and standards organizations are stepping in to protect consumers from insecure products, offering guidance and labelling schemes to device makers to inform basic security requirements. However, meeting all standards, requirements, and regulations can be challenging, especially if a device maker ships products globally.
Even if security is a priority, many developers of IoT products realize consumers may not trust the claims they make about their products without third-party verification. Independent verification enables manufacturers to build their products on secure and trusted components. 95% of people who responded to the PSA Certified survey agreed and said security certification was valuable to ensuring a secure IoT.
Industry frameworks designed to democratize security can help IoT device manufacturers build their products on best practice, comply with worldwide regulations, and leverage the expertise within the wider ecosystem. Importantly, it also makes securing an IoT device quicker, easier and more cost-effective and establishes a common language so everyone can understand what ‘best practice’ means in the context of IoT security.
However, this is just the first step toward realizing the potential of the consumer IoT. The most significant shift will be determined by our collective action. We all have a part to play in building consumer trust in our devices, the data they gather, and establishing a firm foundation for our digital future. Only by emphasizing the importance of security will organizations be able to put their best foot forward and capitalize on the potential of a better, more secure connected future.
About the Author
David Maidment is Senior Director, Secure Devices Ecosystem within the Architecture and Technology Group at Arm. Arm is one of the co-founders of the PSA Certified initiative. Arm’s foundational technology is defining the future of computing. A future built by the greatest technology ecosystem in the world. A future built on Arm. Arm is everywhere technology matters. Technology matters everywhere. Together, we’ll power every technology revolution moving forward, including cloud computing, automotive and autonomous systems, IoT, the metaverse, and beyond. Changing the world. Again. On Arm.
Featured image: ©ZinetroN