The ticking time bomb of connected devices

1 min read

Although security affects enterprises as a whole, design engineers must include security measures in their products, said Johan Pieterse, head of IT and security at Racing Post.

With the number of cyberattacks on the rise, security experts came together last week at Infosecurity Europe in London to discuss how to counter and protect against increasingly powerful hackers.

“When designing a new product, […] make security part of the process,” Pieterse urged.

However, Amichai Shulman, co-founder and CTO of cyber security software specialist Imperva, believes business must come first. “Drive business first, think how to defend it after,” he argued. “At some point, the security becomes disruptive for the design as it adds too much code.”

Adam Brown, security solutions manager at Synopsys, disagrees. “It’s more efficient to plan security from the beginning of the process.”

Whichever you decide, there is no denying that security in electronics can no longer be put on the backburner with the increasing number of connected devices.

“There is currently not enough protection,” said Igal Zeifman, director of Incapsula at Imperva. “Most IoT devices are open to access; not because it’s a security flaw, but because they are designed that way.”

Synopsys has tested the security resistance of a number of connected devices – with alarming results. “We’ve managed to hack pacemakers and insulin pumps,” said Brown. “39% of all known hacks in the medical domain are device control. This is worrying.”

Zeifman admits most devices need remote access, but said applying some easy security measures – such as not using default passwords or changing default access for each new version of the product – will limit risks.

“Websites, such as Shodan.io, enable anyone to locate your connected device, which makes things even harder,” he added. “However, as non-professional attacks are now the majority, implementing these easy steps should help to keep you protected.”