Security risks are a problem for the Internet of Things (IoT) because companies do not understand how to protect connected devices, according to Symantec’s IoT specialist.
Speaking at the Wearable Technology Show in London, Brian Witten, senior director of IoT security at Symantec, said companies of all sizes lack the know-how to secure low-powered IoT devices, which leaves them vulnerable to skilled attackers.
“What we see a lot of is a lack of awareness mainly because there are a lot of companies out there that are great at device engineering but aren’t security companies. And there are a lot of security companies that have never done engineering in these extremely constrained devices,” he said.
“A lot of people believe security can’t be built into these devices because of the limited computing power or the obscure architectures or lots of other reasons. But it can; it’s just that it’s not widely known how to do that.”
Witten said that Symantec works with IoT technology vendors to inject cryptographic keys into IoT devices, some with the physical width of a human hair.
The key to this, he said, is using alternative types of encryption technology to the likes of SSL (Secure Sockets Layer) that can be used in connected devices with tiny amounts of compute power.
“These extremely constrained devices can do very seriously powerfully effective crypto for a long time with very little battery,” he said.
Witten said such techniques could be used to secure sensors on extended IoT networks such as pipelines where it would be impractical to send out engineers to replace sensor batteries on a regular basis.
If companies fail to do this, Witten said, their IoT networks would be compromised: “Security is never done and if you’re not nimble, I guarantee the attacker will be nimble.”
However, there is a flipside: “Where awareness increases, we see people making smart decisions to rolling in more and more security,” said Witten.
IoT security is probably one of the most talked about subjects surrounding the technology trend, with some claiming companies are sleepwalking into danger by not addressing the issue.
However, companies like BT and Vodafone have joined forces to create the Internet of Things Security Foundation in order to raise awareness.
But there are three times as many CDOs as there were in 2014
Companies never used to hold big launch events to announce minor upgrades, did they?
Only 35 per cent of IT decision makers regularly review their data formats
One-third of CIOs admit that their organisation has fallen victim to a security breach in the last two years
CIOs warn that companies are losing battle against cyber crime