Cyber Monday would be unrecognizable without the presence of discounted smart and intelligent devices. From wearables to interactive toys, smartphones to appliances, Cyber Monday has come to be the time of year when millions of people make their big Internet of Things (IoT) tech purchases. However, as millions of connected devices fly off the shelves and find homes in consumers’ hands, it’s crucial that the robustness of their IoT security is taken into consideration. The ecosystem must work collectively to address the virtual and physical security risks present in a market dominated by connected devices, and the solutions to them.
The PSA Certified 2022 Security Report highlighted that the importance of and need for IoT security solutions is increasingly being recognized, from the consumer level all the way to the boardroom. In fact, 83% of respondents in our survey said that they are now looking for specific security credentials when buying connected products as a consumer. Our survey also found that 4 out of 5 agree that security has increased in priority over the past 18 months, citing both regulatory pressure and consumer demand for the shift. It’s a crucial development, and it means that manufacturers all across the globe are looking for ways to deploy best-practice security to protect users of their devices from cyberattacks, privacy risks and sometimes even physical danger. While things are improving, a Cybersecurity Ventures report estimates that cybercrime will be worth $10.5 trillion annually by 2025.
While our report findings tell us that consumers will be looking for IoT-enabled devices which are secure during the sales period, there is still an onus on the technology ecosystem and manufacturers of IoT devices to embrace their growing duty of care to help reduce cyber risks. The best approach for OEMs is to act proactively rather than reactively, by building cyber security standards into IoT technologies from the outset.
Here, we’ve outlined four ways business leaders and OEMs can minimize consumer risk by building trust in IoT devices to improve ecosystem IoT security.
#1 – Prepare for Regulations by Utilizing Third-party Certification
As the IoT ramped up and security hacks became more common, governments worldwide started to consider how they could protect their consumers. There is a growing recognition that devices must now be designed to protect consumer data and privacy above all else. This has led to increasing cyber security standards, regulations and baseline requirements that underpin how OEMs build IoT devices. Most recently, we’ve witnessed the White House and NIST discuss the potential introduction of a labelling scheme, plus the European Cyber Resilience Act proposal. It’s increasingly possible that non-compliance with these new standards and laws will lead to halting the shipment of devices in a particular region.
This evolution of standards and legislation can be confusing and costly, but there are smart ways to approach the problem and minimize the impact. For example, the PSA Certified program is mapped to the legal requirements to meet the demands of the world’s dominant markets, helping OEMs not only build on IoT best practice but also to make use of an IoT security framework that aligns with multiple regulations.
#2 – Show You Proactively Care About IoT Security
As the stats earlier in this article have shown, consumers today are far more knowledgeable buyers than in the past, and what matters to them is knowing that the devices they buy have security standards built in. This means that beyond the regulatory push, there is also a pull from the broader ecosystem for OEMs to work on their brand value and reputation, leading OEMs to re-think how they develop products.
There is now an increased consumer expectation to deliver product functionality and security functionality right out of the box. Seeking independent certification helps demonstrate that IoT security solutions have been built into devices correctly. While independent certification enables OEMs to increase their bottom line, it also enormously boosts consumer trust. Using certified components reduces the total cost of ownership as the requisite security is already built in, increasing customer satisfaction.
#3 – Be Part of a Shared IoT Security Approach and Create a Security Community
Devices flying off the shelves this Cyber Monday will come from a plethora of manufacturers and OEMs, many of which will be operating in equally distinct territories and jurisdictions. These companies will all be working according to their own security standards. The result? A fragmented approach to collective IoT security leaves consumers and organizations unable to understand or even appreciate the cyber security standards built into — or absent from — their devices.
With this in mind, it’s no surprise that 96% of respondents in the PSA Certified 2022 Security Report are interested in an industry-led set of guidelines to help build IoT security, and 96% also want to collaborate on security solutions. No matter where they are in the value chain, companies realize that the security challenges are too significant to scale independently and are collaborating to create a joint solution.
One of the most common concerns of companies building connected products is the need for more security experts. The PSA Certified 2022 Security Report found that the lack of security experts was cited as the main barrier to IoT security. In fact, the World Economic Forum now estimates a gap of over 3 million cyber security professionals needed worldwide. Continuous IoT security knowledge transfer is crucial to IoT success and is only possible when a wider IoT community and ecosystem exists, one that is based on collaboration and trust. Curiosity and proactivity around open-sourced, industry-led IoT security frameworks and standards should be encouraged. Validating ideas and thoughts by collaborating with other experts in the sector will help organizations plan and strategize according to the latest cybersecurity standards and applicable legislation.
Collaboration has been part of the PSA Certified DNA from the very beginning. Our guidelines have been built on collaboration by industry-leading security experts across the globe and give OEMs a fast track to deploying the best security requirements into a device’s hardware and firmware. To instigate change, OEMs should use established security frameworks like PSA Certified — frameworks which are reviewed and then updated consistently and continuously by experts — when building IoT devices. Making cyber security standards integral to product builds will be a catalyst for better IoT security frameworks. Ultimately, cybersecurity must be a pillar of a company’s DNA, not a ‘nice-to-have’.
#4 – Follow the Industry-Backed Approach
PSA Certified was developed to streamline and simplify standard device security for OEMs. PSA Certified is an industry-backed IoT security framework with a matching independent certification scheme. Its mission is to make it quicker and easier than ever to build trust in connected products. Today we have over 130 PSA Certified products from over 70 partners. These products are built on a Root of Trust — a fundamental set of implicitly trusted functions that the system/device can rely on. It establishes an important foundation of security from the get-go and enables manufacturers to build trust in the IoT.
Together, the award-winning PSA Certified ecosystem is building security into devices and ensuring that consumers can safely enjoy their new connected products this Cyber Monday. Join our ecosystem today, and help to play your part.