SC Magazine: Device manufacturers need to rethink how to lock down IoT

By Matt Wyckhouse

Embedded, internet-connected devices control the most critical infrastructure on the planet. And their importance will grow with an estimated 55.7 billion IoT devices expected to hit the market globally by 2025.

Yet security spending doesn’t match the tremendous impact of these devices. A recent Microsoft Security Signals survey found that just 29% of companies have any budget allocated to protect firmware at all.

Threat actors have noticed. The Security Signals research said that attacks on firmware increased five-fold in four years. As a vector, consider this low-hanging fruit. For end-users, especially organizations that purchase dozens or hundreds of devices, the cost and difficulty of patching embedded devices has led to a new caution. Manufacturers have experienced slower deal cycles and more demands for security reviews.

To meet the demands of this emerging world, device makers need a new approach for IoT and embedded device security. Too often, they attempt to use legacy tools that were designed to secure web applications. But these AppSec tools are wholly incompatible with connected device firmware, leaving manufacturers scrambling for a solution.

Read the rest of the article on SCMagazine.com.