• News
  • People
  • Long Read
  • Opinion
  • Weekend Wrap


You are the biggest IoT security threat!

Lack of security is present in both the consumer and industrial IoT markets.


We need to take steps to secure our IoT future, writes Kimmo Aura.

Lack of security is present in the consumer IoT market, personal and home devices and services, as well as the industrial IoT (IIoT) sector. Based on different research sources, the underlying reasons for security threats in the consumer and industrial markets are different, but the risks and damages to both can be irreparable and immeasurable in economic terms.

Over the next two years, the number of IoT devices in households is predicted to climb steeply from nine devices per household currently to 500 by 2022, according to Gartner, as IoT connectivity is being bundled into products whether people want it or not.

According to a research funded by the leading cyber-security house F-Secure, many IoT devices would go unprotected because consumers do not know how to change the manufacturers’ default security settings.

The drive to be the first to market has meant that many manufacturers have not even considered the security implications of their devices. They have either not built appropriate security measures, used inadequate measures or, in some cases, provided no settings at all.

Of even greater concern is the potential for IoT devices to be turned into eavesdropping mechanisms that can hear and see what is going on wherever they have been deployed. Online criminals could even access and control biometric data such as fingerprints, voices and facial images stored as digital data.

Long, deliberately unwieldy and confusing terms and conditions of use, which users are practically forced to sign, give manufacturers the right to collect private data and control how its device is being used. Consumers largely remain oblivious to potential implications.

“Enterprises see network complexity as the single biggest reason for IoT security threats.”

This lack of awareness will also result in significant security risks to individuals since IoT devices with limited security will easily connect to home wi-fi networks and other radio protocols such as Bluetooth, Zigbee and Z-Wave, and use those networks to link to other devices such as computers, handheld appliances and mobile phones.

According to the 2018 SANS Industrial IoT Security Survey Report, most organisations globally are looking at a 10 to 25 per cent growth in the number of their connected devices. This will lead to the systems connected to IIoT devices doubling in size every three to seven years.

Consequently, enterprises see network complexity as the single biggest reason for IoT security threats. Data, firmware, embedded systems and general endpoints are identified as the most vulnerable parts of IoT systems. The systems are scattered across numerous sites hosting autonomous endpoints, which makes configurations difficult to manage. The SANS poll also discovered that complex systems will open a responsibility issue. IoT professionals define IIoT endpoints differently and this, in turn, will become the basis for confusion surrounding responsibility for IIoT security.

In IIoT, the security issue is not in the software and hardware security features. According to Tosibox, a pioneering IoT company founded to make security easy, the only way to overcome the security threats arising from the complexity is to minimize the amount of manual configuration work. Its solutions are unique due to highly simplified and automated network and device configurations. This minimises manual work and thereby reduces the likelihood of human errors.

Kimmo Aura
Program director, Business Finland, Connectivity from Finland