Why Do IoT Companies Keep Building Devices with Huge Security Flaws?
Smart devices permeate our homes and offices. The problem is that many IoT devices are not designed or maintained with security as a priority. According to a recent study by IBM Security and the Ponemon Institute, 80% of organizations do not routinely test their IoT apps for security vulnerabilities. That makes it a lot easier for criminals to use IoT devices to spy, steal, and even cause physical harm. Government regulation, while well-intentioned, isn’t what we need. A government framework of best practices and security strategies would be more useful. In addition, IoT companies should take some basic steps. First, security and privacy should be incorporated into design and development. Second, IoT devices should be able to receive software updates for their entire life span. Third, transparency to consumers should be improved. We can either invest now in securing that trust, and safely enjoy the benefits of this remarkable technology, or we can expect hackers to wreak more havoc, and governments to intervene in a heavy-handed manner.
Earlier this year an alarming story hit the news: Hackers had taken over the electronic key system at a luxury hotel in Austria, locking guests out of their rooms until the hotel paid a ransom. It was alarming, of course, for the guests and for anyone who ever stays at a hotel. But it came as no surprise to cybersecurity experts, who have been increasingly focused on the many ways in which physical devices connected to the internet, collectively known as the internet of things (IoT), can be hacked and manipulated. (The hotel has since announced that it is returning to using physical keys.) Read more…
