Year 2022! Planet EARTH! Cybersecurity is taking the world by storm, with cyberattacks happening on a grand scale. Almost daily, we hear about vulnerabilities that lead to security breaches at one company or another. Cyber attackers are constantly looking for weaknesses in any device they can connect to, from cars to smart devices.
Unfortunately, many of the IoT/ICT products that we are connected to aren't built with security in mind and can quickly become targets for cybercriminals. That is why it's imperative to embrace product security at every stage of the product lifecycle, from design and development to support and maintenance.
What are the Trends in ICT/IoT Product Security?
1. Market Demand
There is a growing demand for ICT product security across various industries, especially in consumer electronics, automotive, and medical areas. Following the US Cybersecurity Improvement Act, the EU Cybersecurity Act and many standards and guidelines on securing the device supply chain, these industries are starting to be heavily regulated. Additionally, end customers are also expecting to purchase safer products.
2. Security Solutions
Network-based security solutions are often deployed 'after the fact,' when devices are already in use. They certainly do some good, but they are not meant to guarantee end-to-end security, since they can't protect against many types of threats.
3. Device Evolution
IoT/ICT devices are constantly evolving and modernizing, and their software is starting to resemble server, mobile, embedded, AI applications and much more. The sheer volume and complexity of these devices are expanding the cyberattack surface.
4. Emerging Threats
We are constantly being introduced to new risks. One of the most prevalent threats today is coming from supply chains. Such risks include intentional backdoors and unintentional known CVEs, as well as other security issues. There is also malware and ransomware that can reside inside open-source and third-party code.
Challenges of Securing the IoT/ICT Devices
There are three types of challenges:
1. Security Challenges - Securing devices can be a significant expense for device manufacturers and asset owners. Tools that identify and analyze threats can generate too many false positives, flagging issues that are often unexploitable and causing security and engineering teams to waste valuable time and effort.
2. Business Challenges - Device manufacturers and software vendors are trying to deliver more products with less time to market, without spending too much time and effort on device security.
3. Organizational Challenges - While developers are trying to deliver fast, security stakeholders are trying to slow down the process, primarily because of false positives from standard security tools, which creates friction between the parties.
Technology Challenges of IoT/ICT Product Security
Securing IoT/ICT devices comes with additional challenges:
1. Identification - Low-level compiled code, vulnerability chaining methods, and unique exploits, as well as a fragmented software supply chain, make identifying security issues complicated;
2. Prioritization - The massive amount of security issues, diversity among security standards in different regions and industries, lack of experts, and miscommunication between security and development teams can make it hard to focus on the most important thing - the vulnerabilities with impact potential;
3. Post-deployment - Lack of visibility into devices already in use, a slow and ineffective software update process, and operational requirements all limit the security solutions available for deployed IoT/ICT devices.
Yes, in 2022, IoT/ICT devices will be encroaching on every single aspect of our lives. They're in our homes, offices, cars and even our bodies. Thus, all these trends and challenges will concern each of us more and more. By thinking proactively, we could include product security by design, by education and by default, so as to live in a more trusted and secure world.