The IoT is happening - now it’s time to fix its security

InfoSec 2017: Sophos’s James Lyne tells us why it’s time to stamp out IoT security flaws now before they become a truly serious threat.

The Internet of Things has enjoyed a huge surge in growth in recent years, with businesses and consumers alike flocking to get the world around them smarter and more connected.

However it is becoming quickly apparent that as well as offering a number of useful benefits, the Internet of Things could pose a lucrative opportunity for cyber-criminals able to exploit some potentially major flaws.

That’s the warning from Sophos global head of security research James Lyne, who is looking to lead a crusade aimed at improving the state of IoT security before it becomes a huge problem.

Speaking to ITProPortal at the recent InfoSecurity 2017 event in London, Lyne warned that now is the time for tough, immediate action on dangerously unsafe IoT products.

"We're absolutely in a world of release features, release products, push, push, push - and we'll worry about security afterwards,” he notes.

"Some of these products are so bad, it's almost like they've made an effort to suck - they verge on negligence from a security standpoint, they're doing the equivalent of selling a car without brakes...it's indefensible."

"We're in this short period where regulators haven't charged in to fix the issue - but it will happen. Cyber-criminals have started to realise that these devices are useful - look at Mirai - and just one of the ways they can profit from these devices."

The success of the Internet of Things may end up contributing to its security downfall, Lyne notes, as vendors rush to get their products out into the market, without considering security issues fully.

Different products are out running on different software and hardware platforms, all of which have their own security regulations and protection, which can make picking the most secure option extremely confusing, Lyne says.

"As we move from the period of alarmist hand-waving, and saying IoT is bad, on to rubber meets road, we all agree that we have to do something before this stuff is everywhere in our lives."

More thorough regulation, and better education on the consumer and vendor side, seems to be the ideal solution, but is it still a feasible idea?

"They're still toys, there's still time,” Lyne notes, “we have to as an industry, as regulators, as vendors, need to find middle ground to make this stuff better for the public."

"It's time to we move IoT from alarming, scary, yes it's bad, into consideration of our day jobs, and start to think of them as computers...we're past 'it's going to happen' - it IS happening, and now."