The Internet of Things (IoT) and the data it collects are allowing us to work and live connected lives like never before. IoT devices are unlocking innovation that is digitizing all industries. While traditionally the rate of IoT security adoption has lagged behind the pace of digital transformation, recently we have seen an industry-wide effort to amend this. Through the adoption of best practice security and selecting components that have a certified hardware protected Root of Trust (RoT), the electronics industry can take the first steps towards building a more secure IoT and preserving digital transformation. But, what factors have caused security to become a rising priority and how can the ecosystem work together to drive the adoption of best practices?
PSA Certified have published new research that shows how much progress the electronics industry is making on our journey towards a secure IoT. Our PSA Certified 2022 Security Report, which incorporates the views of more than 1,000 technology decision-makers, explains we are reaching a turning point – where security is no longer optional and is instead being placed at the heart of many organizations’ culture and strategy. In fact, 88% of respondents to the survey that underpins the report said security is now one of their top three business priorities. The question is, why has it increased in importance?
The Evolving IoT Security Landscape
There have been several significant shifts over the past 12 to 18 months. First, people’s expectations have changed. The rising number of hacks has increased awareness around the need for security and customers want to buy secure products. In fact, when buying as a consumer 83% of tech decision-makers look for specific security credentials. Second, new standards and regulations have been introduced by governments and industry bodies, that device manufacturers must comply with if they want access to relevant markets. Finally, more than a third of the people we surveyed said new ways of working, accelerated by the pandemic, have increased the likelihood of cyberattacks on IoT products.
In addition, almost all respondents (96%) told us building security into a device has a positive impact on their bottom line. Companies in industrial sectors, in particular, said it allows them to sell to customers that mandate a certain level of security. Others reported benefits include helping to earn customer trust and reduce insurance premiums.
Barriers to IoT Security Implementation
However, our research also shows barriers remain that must be overcome if we want the level of security to keep up with the pace of digital transformation. Just under a third of respondents (30%) said a lack of security expertise was holding back implementation. This is a well-known challenge – the World Economic Forum highlighted the global skills gap in its latest Global Risks Report. It says another three million cybersecurity experts are needed to stay ahead of hackers, highlighting the need for the industry to democratize security.
Addressing the IoT Security Skills Gap
The starting point is developing a common language around security and standardized resources. An overwhelming 96% of people who responded to our survey expressed an interest in having an industry-led set of guidelines on IoT best practice to help them strengthen their security.
Similarly, our results show there is a demand for trusted off-the-shelf components such as microcontrollers and connectivity devices. Almost half (46%) of the people we asked said that would help them develop more secure devices. The responses also reinforce the importance of building on a hardware protected Root of Trust (RoT), a critical portion of a component that provides essential security functions such as secure storage and cryptography. Notably, RoT adoption rates are particularly high in critical markets such as health monitoring and industrial (both 78%), that seem to be ahead of the curve with IoT security.
The final piece of the puzzle is ensuring agreed best practice has been met through independent testing and validation. A majority (95%) of respondents said increasing the rate of third-party certification would benefit the industry, although perceived cost pressures currently prevent some companies from doing this. However, by drawing on the expertise of the ecosystem, for example, by utilizing collaboration-based frameworks and trusted components, budgets can be realigned.
Our security report shows that momentum is building, and the industry is ready to work together to ensure we are deploying secure IoT devices at scale. We must all take this opportunity to protect our connected future by designing products with a ‘security first’ mindset.
PSA Certified is a partnership of world-leading companies that have come together to democratize security through the creation of an easy-to-use framework, free resources, and independent certification. Each year, we ask technology decision-makers to share their views on IoT security. To gain further insight into the opportunities and challenges they see ahead access the full PSA Certified 2022 Security Report here.
Author: David Maidment, Senior Director, Secure Devices Ecosystem at Arm and one of the PSA Certified co-founders
Sponsored Content: Integrated power system manages battery, load and back-up
Wyld Connect hybrid terminals support sensor-to-satellite IoT
Digi-Key to host Private LoRaWAN for IoT webinar
Lacuna’s IoT network to offer LoRaWAN direct-to-satellite connectivity