IoT Security is Bad, but there is hope

Cyberus Labs, headquartered in Poland, has been on the cutting edge of IoT security for close to a decade offering passcode-less authentication techniques that are only now gaining traction in the world market. We caught up with their founder and CEO Jack Wolosewicz on his view on the future of security in IoT and 5G technology.

CPM: Is enough attention being paid to privacy and security as IoT and 5G evolve?
 
JW: Little or no attention is being paid to cybersecurity. Depending on who is doing the measurement, there will be some 40 billion connected IoT devices by 2025. They will be just as vulnerable then as they are today. The market is fragmented and the driving prerogative continues to be time to market rather than privacy or security. If this trend continues, IoT will become the biggest single threat to privacy and security as it continues to massively expand the potential attack surface.

CPM: From a developer’s point of view, how are privacy and security being built into services and devices?

JW: IoT systems are a combination of conventional IT and a plethora of new technologies. For example, human control over IoT systems is typically handled by conventional IT security (logon), which is still relying on static credentials like passwords and it is also notoriously vulnerable to the well-known weakest link in any security chain: the human factor.

Machine to Machine security is at least free of the human factor, but it also still relies on passwords. The result is weak security in the Human-to-Machine and Machine-to-Machine layers of the typical IoT stack. This is in systems where management actually insists on some security being enforced. Market pressures often result in management directing developers to bypass the additional time and expense of building in even rudimentary security.

CPM: As the IoT ecosystem evolves and expands, will new levels of security and privacy provisions be needed?

JW: Absolutely. The IoT market should reach $1.1T by 2026, but it could all come to a screeching halt as high profile IoT security failures come to light. Remote access car hacks are one such example of a high profile IoT failure, but a smart building, city or power grid failure, which will put lives at risk will have a devastating effect on the future of IoT. A complete rethink of IoT cybersecurity is what is needed if we expect to continue to grow the IoT market and ensure user safety and privacy at the same time.

The good news is that governments are waking up to the looming security threats and IoT cybersecurity legislation is being introduced in the EU, UK and US. The most recent updates in the EU regulations will impose GDPR-like fines that will be a strong bottom-line motivator for management to insist on enhanced security and privacy provisions.CPM: Can the need for full interoperability, ease of use and seamless user experiences be reconciled with strong security?

Our experience at CyberusLabs has taught us that the best cybersecurity is rooted in simplicity. Our Human-to-Machine authentication layer is immeasurably simpler than the conventional authentication mechanisms, while it seamlessly provides multifactor authentication and Man-in-the-Middle attack defence.  It even makes Captcha, a major user annoyance, completely unnecessary. Our Machine-to-Machine security protocols are based on the same philosophy of security by simplicity.

CPM: Will IoT adoption require we give away more of our privacy for the services offered?

Related:   Hollywood strikes fight over ownership of biometrics

JW: As with “free” IT services, free IoT services exact a price of some loss of privacy. As society seems to be complacent about surrendering this data, these IoT business models will proliferate and pools of personal information will be created at an increasing pace. Expect more major private information breaches.

CPM: Are you always so optimistic (JK)?

JW: We are entering an era of great growth in technology and human potential, which is matched by equally great growth in the potential threats to society. As IoT and AI herald great opportunity, society will need to wisely navigate the dangerous landscape that comes with it.  I am cautiously optimistic that industry and governments will play their role in putting the right incentives and legislature in place to make steering clear of major mishaps possible. GDPR is a good example of the path we need to follow in IoT.
 

Lou Covey

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *