comment on this article

Stinging reports show industry still failing to grasp the security nettle

Another week, another report highlighting the industry’s apparent inability to grasp the importance of security.

The latest report, from the UK’s Department of Culture, Media and Sport, urges companies making products for the IoT to build strong security measures into their designs and not to ‘bolt them on’ as an afterthought.

The report – part of the Government’s National Cyber Security Strategy – picks up on a projection that more than 400million smart devices could be deployed in UK homes within three years and that many of these could be exploited as part of a cyber attack.

The security flaws in consumer electronics products were highlighted by Which? in a ‘snapshot’ investigation. It set up a network of smart gadgets and found eight of the 15 appliances on the network had at least one security flaw.

We also reported last year on a survey which found that 65% of medical device makers believed an attack on one or more of the products built by or in use in their organisation was likely in the near future. Yet only 17% of respondents said they were taking ‘significant’ steps to prevent attacks.

Meanwhile, the Barr Group’s latest report determined that one in five embedded system developers don’t list security as a requirement in their latest project. Other failings included a lack of regular code reviews and no coding standards. No wonder the Barr Group found the results to be ‘highly concerning’ and that there was ‘a lot more work to do’.

The DCMS report, created in association with the National Cyber Security Centre, recommends all devices should have unique passwords, that companies should have a vulnerability policy, that data should be encrypted and software updated automatically.

You might think these measures would be ‘front and centre’, but they aren’t. Art Dahnert from Synopsys summed it up nicely: “Smaller companies often don’t have a clue about security or the resources to devote to it. And, to be honest, many larger companies are also behind the curve.”

It’s no wonder we’re all beginning to talk about the Internet of Insecure Things.

Graham Pitcher

Comment on this article

This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.

What you think about this article:

Add your comments


Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

CES 2022 Review

Some of the key trends, innovations and news from this year’s Consumer ...

Get to market faster

A quick look at using Vicor's PFM and AIM in VIA packaging for your AC to Point ...

World IoT Day

ByteSnap Design, a specialist in embedded systems design and development, has ...

Improving cancer care

Mirada Medical’s imaging technology is helping to accelerate cancer care by ...