The user is always the weakest link
One thing IoT face a lot of scrutiny over is their security measures, or more so, the lack there of. We have seen many recent examples of IoT devices playing key roles in breaches, however, the flaw with placing the judgment on the IoT devices, is that it’s nothing new. IT professionals have been building networks around insecure devices for ages, and that is something likely to never change. Its no surprise that more security requires more resources. The demand in IoT is for cheap, small, and efficient devices, all three of which directly oppose the resources needed for additonal security. Instead, we build networks with the knowledge that they contain insecure devices, and simply harden the network around them to provide additional layers of security. Techniques such as in-line firewalls, monitoring, and network segregation are all fundamental methods that can allow these devices to live securely on our networks and provide ease of mind.
So why are we seeing so many IoT related breaches? Its simple; it’s the implementation. IoT and smart home related products are designed around the “Plug’n’Play” mentality that todays culture has adopted. Long gone are the days of having to configure detailed network settings to get a device online. Most modern devices are simply plugged in and that’s it. These practices have put us in a poor position when it comes to security, as experts with an understanding of network security are no longer involved in the installations, and hiring someone for this purpose would often defeat the low cost of these devices in the first place.
Therefore, the fault does not lie in these IoT devices, but rather in lack of user education. No matter how many layers of security you implement, the weakest part of the system will always be the user, pushing IT departments all over to turn to user awareness training providers to help. IoT is no different.
As the public accessibility of these devices increases, so will the need for mass education on their secure use.