IoT security is one of the greatest challenges we face today. Gartner predicts there will be 25 billion Internet of Things (IoT) devices connecting the world by 2021. And yet, IoT has gone unregulated and largely unsecured to date. That, paired with the sheer number and types of the devices being networked and connected to cloud interfaces and on-the-internet APIs and you have a perfect storm. A radical shift is needed.
IoT companies like Fitbit and Arlo are ahead of the curve, having implemented a strong proactive security posture by inviting ethical hackers to help harden their devices before and after they go to market. With so many breaches and so much compromised data, end users are not unaware of the risks. In fact, they are beginning to demand change.
A recent report by PWC found that 87% of consumers plan to take their business elsewhere if they don’t trust their data is being handled responsibly. There is a growing number of reports saying the same thing. We’re even seeing it in response to our own customers.
When Arlo hosted its Bug Bash last month Twitter user @JSyversen responded: “This post is making me check out @ArloSmartHome as a vendor I might use for my house. Have been unable to find anyone taking security seriously and demonstrating it. Great news!”
In Japan, which will soon be hit with an influx of visitors (and devices) for the Olympic Games, the government has taken decisive action to make its citizens and visitors more secure. According to NHK World-Japan, the Japanese government will try to hack into internet-connected devices in homes and offices around the country starting from next month as part of efforts to improve cybersecurity. The program, which could last for 5 years, is a bold move by the Japanese government to improve security ahead of the Olympics next year.
It’s not the first time a government has stepped in to help improve security for the country — this approach is similar to what Australia did with the hajime worm in 2017 — but it’s still novel, and even controversial. Even so, many organizations have taken a similar approach — albeit on a smaller scale — and for good reason.
Employee negligence when it comes to security is one of the biggest cybersecurity risks to businesses. According to Verizon’s 2018 Data Breach Investigations Report, employees are still falling victim to social attacks. “Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated.”
Having a robust and proactive security posture is critical in today’s climate. It’s why vulnerability disclosure is becoming best practice, and even a requirement in some industries. The best way to identify vulnerabilities is to engage the collective creativity and expertise of a Crowd of ethical hackers.
Today’s news is yet another indicator of change. More companies and government agencies are adopting proactive approaches to security. And while Japan’s approach is radical, their goal to “increase the safety and security of people’s devices” is something we can all understand and appreciate.