Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


By Reza Moqadasi, CISO, ITRS Group

Since its inception, the Internet of Things (IoT) has grown at a steady pace – but, finally, it is positioned to break into the mainstream. Demonstrating this growth, a quarter of businesses now use IoT technology, compared to just 13% in 2014. And this expansion is only set to continue, with IoT underpinning an increasing host of new technologies, including driverless cars and smart homes. 

However, as IoT continues to proliferate, security becomes a crucial concern – with a number of high-profile cyberattacks demonstrating the vulnerability of IoT. Certainly, this issue has forced companies to consider what they should be doing to mitigate the risk – but it also raises a much bigger question: is it possible to balance seamless user experience with strong security? At ITRS, we believe it is feasible, but it takes a comprehensive security strategy

The rise of IoT and cybersecurity challenges 

Building on a steady rate of adoption throughout its early years, IoT is now an established class of mainstream technology. This is set to accelerate further, with the number of IoT-connected devices predicted to increase to 43 billion by 2023 – an almost threefold increase from 2018. This growth is driven by a range of factors, including global consumer trends, an increasing demand for inter-connected devices, the proliferation of 5G, evolution of edge computing style=”font-weight: 400;”> and the adoption of Industry 4.0.

IoT devices are brilliant in what they are designed and built for; however, typically due to their limited computing resources, they do not have adequate built-in security features. As a result, some network-connected IoT systems can potentially be a convenient target for threat actors. But the consequences of a security breach in an IoT device are not just limited to the targeted device: a compromised internet-connected IoT system might provide hackers with full access to the rest of the network and, potentially set the stage for a ransomware attack.

Will security problems hold IoT back?

In order to put the scale of these evolving security challenges in context, let’s consider a ‘real life’ use case. 

IoT, in combination with 5G, will form the foundation of the infrastructure on which self-driving cars and autonomous vehicles will operate. 5G will provide the expansive, ultra-reliable low latency networks which facilitate the communication, control and monitoring of the self-driving cars. Meanwhile, IoT devices, among other cyber physical systems (CPS), will provide the vast array of sensors, from actuators to smart vision equipment, inside the vehicles, as well as those in the outside environment as part of the underlying infrastructure

As this example demonstrates, security attacks on such critical infrastructure could potentially lead to catastrophes involving injuries and loss of life, not only for the passengers of the driverless vehicles, but also innocent bystanders. 

Further complicating the landscape, these security concerns cannot be attributed to any single underlying cause. Rather, they’re driven by a combination of factors, including insecure interfaces, poor device management, insufficient data protection and skills gaps. That being said, at a more fundamental level, part of this problem has been limited focus on security or privacy by IoT device designers and manufacturers. 

What’s the answer?

There is a clear opportunity for IoT developers and architects to onboard security at the design stage and into the build as part of the Software Development Life Cycle (SDLC). What’s more, the collaboration between Engineering, DevSecOps and QA teams needs to include joint security objectives at all stages of software and hardware production.

For instance, at the moment, a common security problem is insufficient device authentication and authorisation, as well as weak encryption.  A combination of multi-factor device authentication and digital certificates would allow IoT devices to be identified and verified uniquely, ensuring that only authorised applications and individuals can gain access.

An evolving problem requires an evolving solution

While the IoT ecosystem continues to evolve and expand, the levels of security and privacy provisions required will also increase. As IoT devices become more and more connected to IT infrastructure, IoT exploitations will become increasingly popular among hackers.

The vulnerabilities of insufficiently secured consumer IoT devices can potentially lead to large scale incidents for businesses. A vulnerable smart TV, doorbell or thermostat, for example, can open the door to a threat actor. This threat becomes even more significant in hybrid working models, which include working-from-home: once the threat actor manages to get access to the home network, other corporate or personal devices which share the same internet connection or infrastructure will also be exposed. A business laptop on a compromised home network can potentially contaminate the enterprise systems, or even the firm’s supply chain. 

Can security be reconciled with convenience? 

Convenience is one of the primary utilities of consumer IoT devices. That includes interoperability, ease of use and seamless user experience. The architects and system engineers need to consider and articulate the security and privacy cost of convenience for consumers and businesses alike. 

To reconcile convenience with strong security or privacy, firms must implement cybersecurity strategies such as zero trust and defence-in-depth, alongside the principles of least privilege. Employing such strategies has a direct impact on improving and enhancing the security posture of an organisation. What’s more, their adoption and implementation will elevate the operational resilience of the organisation in the event of a cyberattack or security breach.

While it is true that the proliferation of IoT poses a number of challenges, there are also clear solutions. With inter-disciplinary cooperation, whereby innovators, technologists, social scientists and policy makers, among others, work together, the issues of cybersecurity and privacy can be overcome to enable the safe development and adoption of new IoT-powered technologies, systems and concepts.


Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts