In this blog, Prof. Sally Eaves (Global Chair of Cyber Trust, Global Foundation of Cyber Studies and Research) breaks down the key security challenges facing the IoT ecosystem and the cost of insecurity, and introduces the new PSA Certified industry action plan.
In today’s connected economy, working together towards a more secure connected future has never mattered more. We are at a unique milestone moment where multiple vectors of change are converging, from a global acceleration in digital transformation and application development modernisation, to distributed ways of working, and evolved consumer and employee behaviours and expectations too. This is all supported by emergent technology and IT/OT integration, the rise of APIs, 5G and enterprise IoT, and an inevitable explosion in IoT devices. Indeed, by 2024, it is estimated that the number of IoT connections in the UK alone will increase to an incredible 39.9 million.
Whilst this has created dynamic new opportunities to innovate, it has also diversified the risks consumers face and created new risks for businesses, with IoT security now a leading C-suite priority, concerning silicon vendors, software providers and device manufacturers alike. So, what are the key issues and how can we better address them?
The Key IoT Security Challenges
Whilst cyber threat surface areas continue to expand, the scope, scale and sophistication of attacks continue to escalate too. And with new levels of digital-physical convergence, endpoint choice, flexible workstyles and applications everywhere, we have a much wider perimeter to defend – indeed many of the traditional trust boundaries employing perimeter security just no longer exist. From SME to Enterprise, IoT devices with ever more complex anatomy now represent the most vulnerable part of the network – and are present in both employees’ homes and legacy endpoints. Coupled with expanded supply chains, IoT security is fast moving beyond a technology issue to one of business resilience and continuity.
On average, there are now 5,200 attacks per month on IoT devices, with 7 million data records compromised every single day. Taking healthcare as an example, some 82% of healthcare systems reported IoT cyberattacks in the last 18 months alone. And these breaches can lead to devastating impacts. The average cost of a successful IoT device attack is over $330,000 with losses extending beyond the financial, to data loss, tarnished reputation, and ultimately the risk of losing probably the biggest currency of our time – trust.
And the list goes on! Additional issues include turning data volume into the data value that drives security insights with active intelligence, the complexity of global legislation and resultant fragmentation of standards and regulations, accessibility and consistency across frameworks, testing and best practices, and ambiguity around liability – all highlighted as challenges in the PSA Certified 2021 Security Report. Indeed, tracking where a risk is coming from across the supply chain ecosystem and then identifying how to tackle it is becoming increasingly complex.
Introducing The PSA Certified Advisory Paper
This catalysed a deeper connection and desire to co-create, resulting in the ‘IoT Industry Action Plan to Reduce the Cost of Security’. The action plan outlines the current state of play and gives five key steps to facilitate a common language of security and mitigate the cost of best practice.
Bringing together attention to technology, ecosystem collaboration, risk modelling, standards, democratisation of access, education and skills, and the role of certification, this is a best practice guide that we hope will inspire continued conversations and further collaboration. We believe that embedding security by design that is baked-in at device level, and establishing a culture of collaboration, prevention over cure and knowledge sharing will be key to enabling IoT to truly accelerate secure digital transformation worldwide. This is our call to arms – join us!