David Maidment, Senior Director, Secure Device Ecosystem, at Arm (a PSA Certified Co-Founder), shares his top tips for ensuring security in our connected devices this Cyber Monday.
Smart devices have become an increasingly popular mainstay of the Cyber Monday sales rush. From virtual home assistants, to smart toys and wearable tech, consumers will be stocking up on the latest Internet of Things (IoT) appliances at reduced cost. However, as these products continue to dominate the holiday sales rush, it’s important that we consider their security robustness and work collectively as an ecosystem to avoid contributing to longstanding security challenges.
Despite a growing recognition of the importance of IoT security, connected products are often found to be lacking basic security safeguards and requirements, potentially exposing users to cyberattacks, privacy risks and even physical danger. In fact, a report by Cybersecurity Ventures estimates that cybercrime will cost the world more than US$10.5 trillion annually by 2025.
Consumers investing in IoT-enabled devices in this year’s sales will need to be more aware than ever of potential security threats. But more importantly, manufacturers of IoT devices have a growing duty of care to help mitigate this cyber risk and design IoT technologies with security in mind from the outset.
Here are four ways OEMs and business leaders can help to reduce risks for consumers and help to build trust in IoT devices.
Follow a unified approach to security
The devices being purchased this Cyber Monday will come from an array of different manufacturers in different territories, who all work to their own security standards. This can create a lack of consistency in the approach to security, leaving consumers and organisations struggling to understand and trust the level of protection built into their devices. OEMs should ensure a consistent standard of security is designed into the hardware and firmware of all devices in order to build assurance and mitigate risks to IoT networks. Security is a shared responsibility, and the technology ecosystem has an important role to play in helping OEMs identify best practices to overcome current and future security threats, making sure devices are built on a common foundation of security.
Build a community
Building a wider community and ecosystem based on collaboration and trust will allow continual knowledge transfer. Encouraging curiosity and proactivity about security requirements will help ensure no one settles for the status quo and everyone feels responsible for the right level of security for connected devices. Validating ideas and thoughts by working with other experts in the field helps organisations map to the latest security standards and upcoming legislation.
Using established frameworks that are reviewed and updated regularly by security experts, and making security an integral part of how all developers build products, will also help act as a catalyst for better security practices. Security must be ingrained as part of a company’s DNA, and not just a bolt-on at the end of the product life cycle.
Get regulation ready
Governments and standards organisations have responded to the growing number of attacks on IoT devices with new security standards, regulations, and baseline requirements designed to protect consumers’ data and privacy. To meet the demands of the world’s biggest markets, OEMs should base security initiatives on best practice and look for security frameworks that align with multiple regulations.
Demonstrate commitment to security
Consumers are savvier than ever before, and they want to know that devices have been developed with security built in. This means manufacturers need to rethink their approach to product development. There’s an accelerated expectation to deliver security functionality out of the box, and seeking independent certification can help demonstrate that security has been designed into devices correctly. Not only will this increase consumer trust, it will also help OEMs increase their bottom line, because using certified components, where security is already built in, will reduce the total cost of ownership.
The PSA Certified approach
To help OEMs overcome the challenges of developing secure devices, we have developed PSA Certified, an industry-backed security framework and independent assurance scheme that makes it quicker and easier to build trust in connected products. Putting in place a set of implicitly trusted functions that the rest of the system or device can use, also known as a Root of Trust, not only establishes an important foundation of security from the outset, but also helps manufacturers to build trust in the IoT and ensure consumers can enjoy their new connected products safely this Cyber Monday.