IoT Security Is Improving—but Risk Is Still Growing
Despite real progress, the rapid growth of devices and threats is outpacing the industry’s ability to secure them. In this clip, Robert Kelley reflects on the current state of IoT security, highlighting meaningful progress and persistent risks.
•1:49•HD•0 views
IoT Security Is Improving—but Risk Is Still Growing
Transcript
In my opinion, IoT security is definitely getting better. As I mentioned before, we are swimming, but the water level is rising and sometimes faster than people can swim.
We're seeing manufacturers adopt secure boot and for signing updates and integrate SBOMs now that it is specifically mandated. But we're seeing people actively make efforts where they once didn't need to or didn't think they needed to.
So wake up calls like regulations like EU Red, CRA, ah Radio Equipment Directive are forcing security earlier into the development cycle. And that is great news.
But the threat landscape, you know especially with the proliferation of AI, is moving faster than the industry is adapting, in my opinion. IoT supply chains are still pretty opaque and update infrastructure is brittle, sometimes very unenforced.
And secure design is still often far deprioritized in favor of speed to the market. Everyone needs to be the next best thing. Everyone needs their device to be faster. It needs to be more efficient, but at the cost of not thinking of all of the repercussions of those efforts.
So In addition, the number of connected devices is exploding. And every new device is another node of risk because again, an IoT device is not an isolated product.
It is part of a greater ecosystem of devices that may be nowhere near as secure as the ones you're trying to do. So while awareness is up and tooling is improving,
the net exposure is still growing