IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Security industry 'has failed' to raise awareness of IoT safety

Symantec urges security pros to work with IoT manufacturers

The cyber security industry has "fundamentally failed" to educate consumers about the risks of IoT hacking, and is not doing enough to ensure devices built with security in mind.

That's according to Darren Thomson, EMEA CTO and VP of technology at Symantec, who believes that the industry's approach to IoT security is outdated, reflective of an bygone era when it was deemed enough to simply respond to threats.

"In the next decade we will see a whole new level of threat, that means we are going to really need to raise our game," said Thomson, speaking at London's Infosecurity Europe event today.

"For the last 30 or 40 years, we have been fundamentally designing insecure systems," explained Thomson, a process that meant companies like Symantec could come along and patch those holes when required. "When were talking about cities or rail networks, that benefit of the retrofit no longer exists."

The IoT has increasingly been seen as a 'wild west', a series of networks that is proving to be incredibly susceptible to remote hacking. As connected technology has become more popular, security has become an afterthought for many manufacturers, either too difficult or too expensive to build in, according to Thomson.

Security as a result often falls back on the customer, where they are expected to carry out technical tasks beyond their capabilities.

"If [we] think sending non-technical people to websites to tick security boxes is enough, we're kidding ourselves," said Thomson. "This industry has failed its users in regards to education and awareness. As an industry we're not meeting enough with manufacturers... everyone in the room is a tech person."

This issue will be solved when the security industry makes an effort to become more "predictive", according to Thomson. An example of this would be the formation of an "ingredients list" for the IoT, giving users exact information as to what to expect from a newly acquired smart home. This list, much like the dietary requirements on a food packet, would be a reference point for spotting unusual activity.

"Its about time that everyone in this industry starts to think about the unintended consequences. We have tried and failed to make people security experts. It doesn't work."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022