The term Internet of Things (IoT) has almost been beaten to death at this point, as more and more security integrators, manufacturers and customers take advantage of the ability to increase connectivity between devices (and therefore take on the dangers this introduces).

But the methods by which we interact with the IoT and protect its devices are still catching up, which means security manufacturers must take part in shifting their focus toward safeguarding data, engaging in vulnerability testing of products and incorporating stringent protections at every stage of the product development process. One small leak or breach on a single connected device can potentially cause significant damage across an organisation

Who is responsible for IoT security?

One small leak or breach on a single connected device can potentially cause significant damage across an organisation, creating a disruption within a company, affecting its assets, employees and customers. The continued question seems to be: Who is ultimately responsible for the security of IoT devices?

In a recent survey from Radware, a provider of application delivery and cybersecurity solutions, there was no clear consensus among security executives when asked this question. Thirty-five percent of respondents placed responsibility on the organisation managing the network, 34 percent said the manufacturer and 21 percent chose the consumers using the devices as being primarily responsible. 

Several schools of thought exist for each:

  • The Organisation

It's not surprising that most people see the organisation as the main stakeholder for IoT security responsibility; after all, if a company is managing a network, one would expect it to protect the network as well.
One way that the organisation can embrace this responsibility is by adopting a user-centric design with scalability, tactical data storage and access with appropriate identification and security features (for example, the use of multilevel authentication through biometrics in access control).
Organisations must also use their IT team to strengthen the overall cybersecurity of the IoT by keeping up with the latest software updates, following proper data safety protocols and practicing vulnerability testing.

  • The Manufacturer

Manufacturers that provide IoT-enabled devices as part of a security system must be fully knowledgeable of the risks involved and effectively communicate them to the integrator or end user.
Providing the education necessary and dedication to protecting users of its equipment makes a manufacturer more trustworthy and understanding in the eyes of an end user. Ensuring encryption between devices is a key step that manufacturers can take to work toward achieving complete protection in the IoT.

  • The User

Despite the protection delivered by the organisation and manufacturer, there's always the option for IoT security to be enhanced or possibly even diminished by the individual user. It's critical that best practices for data protection are in place every time an individual uses a device that is connected to the network.
These include disabling default credentials, proper password etiquette, safe sharing of sensitive information and the instinct to avoid any suspicious activity or requests. Manufacturers that provide IoT-enabled devices as part of a security system must be fully knowledgeable of the risks involved

The short answer to the responsibility question is this: everyone. Each sector has a responsibility to contribute to the protections needed for IoT-enabled devices.

However, as a manufacturer, it is imperative that our teams think about each level of protection when developing products for public consumption, including how the organisation implements the technology and how the integrator engages in training with users. 

IoT issues caused by organisations
Organisations must also use their IT team to strengthen the overall cybersecurity of the IoT by keeping up with the latest software updates

Manufacturer vulnerability testing

One way that manufacturers can implement added protections against outside threats is by boosting their attention to security protocols in the product development stage. For some, this requires a different approach in the design and development of security systems. Identifying vulnerabilities is at the core of this.

A security vulnerability in a product is a pattern of conditions in the design of a system that is unable to prevent an attack, resulting in weaknesses of the system such as mishandling, deleting, altering or extracting data. Increased connectivity makes these vulnerabilities more of a liability, as IP-enabled (or networked) devices are more likely to be breached by outsiders looking to permeate an organisation and collect valuable data. 

A security vulberability in a product is a pattern of conditions in the design of a system that is unable to prevent an attack, resulting in weaknesses of the systemWhile some of these hacks are a little more “simple” in nature — such as outsiders trying to guess a password using manufacturer-set passwords — others are more complex, such as a denial-of-service, where attackers attempt to overload the system by flooding the target with excessive demands and preventing legitimate requests from being carried out. This makes it virtually impossible to stop the attack by blocking a single source.  

As a result of these potential threats — and to help manufacturers deliver best-in-class products — it's imperative that vulnerability testing is done throughout a product's development, starting at phase one in the process.

This includes analysis of the type of cyberattacks that can potentially attach, breach and disable a system. Many manufacturers attempt to hack their own products from within the organisation — or even go as far as hiring a third-party professional group to do it for them. 

Success in a volatile technology landscape 

This kind of development puts a product through rigorous levels of testing, and once weaknesses are exposed, they can be patched up and the cycle of attack-and-defense can take place until the product is protected fully and ready for market.

Skipping this step in the development process can open manufacturers up to significant liability, so it's important for this testing to take place and corrective actions be taken to rectify gaps in security. The more extensive an organisation's security testing approaches are, the better are its chances of succeeding in an increasingly volatile technology landscape. 

But the testing doesn't stop in the development stage. Attacks on a system continue long after the product has been introduced to market, requiring continued updates to be made available in an effort to protect customers. Manufacturers are tasked with implementing further firmware updates to keep a product in the field readily prepared to revoke the latest critical bugs that can affect the market. 

What end users demand from security

We're seeing a significant shift in the education and demand from a customer perspective. In the past, consumers took the advice of integrators and consultants as far as the “right” security systems to install for their needs. Today, the self-education of end users is on the rise as more and more IT departments become involved in the selection and investment of physical access control systems. We're seeing a significant shift in the education and demand from a customer perspective

A larger number of end users are demanding security products that meet IT standards of network protection, and they take these considerations into account when working with integrator partners on the selection of systems to meet their needs.

As a result, manufacturers are tasked with not only developing robust IoT-centric products, but also continuing to be involved on a regular basis in an effort to continuously keep organisations safe. 

A comprehensive security strategy from manufacturers must involve multiple levels of product selection, testing and integration — centered on the team-based approach to implementing training and protocols within an organisation.

While manufacturers are stepping up their game in the development of robust products, this remains a team effort that must be addressed every week — not something you implement, then forget about. The safety of data — and the entire organisation — depends on it.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Kim Loy Director of Technology and Communications, Vanderbilt Industries

In case you missed it

Securing your business while working remotely
Securing your business while working remotely

It's a very common purchase for people to seek a smart security camera to remotely link them to their home whilst at work. Now the emphasis has shifted, with a lot more people working from home, business owners should consider a surveillance device to deter would-be thieves, protecting valuable equipment crucial for businesses to operate successfully. A robust security camera setup can aid existing security staff, and give business owners peace of mind out of hours.    According to a recent report, police forces are having to carry out extra night patrols in empty city and town centres, as burglars target shops, pubs and other commercial premises during the pandemic. During these unprecedented times, investing in a video security system can save you and your business money – and in more than one way. In addition to preventing loss of property from inside, surveillance cameras also prevent acts of theft and vandalism by outside individuals However, technology, improved mobile connectivity, apps, and cloud technologies has changed the security market and made it easy for anyone to set up a surveillance ecosystem with easy installation and constant round the clock, cloud monitoring. Plus, you can access footage from anywhere in the world via devices and apps – just in case you have to skip the country! The best cameras for SMBs Most good cameras have the much same functionality: excellent video and audio capabilities, remote access and programming, motion and sound detection, and the ability to capture still or video images and audio and save the data to the Cloud. But the burning question is, when you're trying to find a need in a haystack, what will work best for a small to medium sized business? A robust security camera setup can aid existing security staff, and give business owners peace of mind out of hours Now you can buy cameras that come packed with features such as integrated night vision, 1080p resolution, microSD card slot for local recording, two-way audio functionality as well as the latest latest 128bit encryption. They also have wide-angle lenses allowing users to see more of their office with a single camera, and some come with free, intelligent AI-Based motion detection. The AI gives users more choices on what is captured by the camera and when they should be alerted. Users can specify what types of motion they would like to detect, such as an intruder as opposed to a dog, an object crossing a defined boundary or into a specific area. They can also define multiple zones, alerting them immediately when movement is detected in particular areas. Easy installation is crucial These security cameras should also be easy enough to install and use that you don't need to fork out for expensive expert installation, and many can work with existing CCTV and CCTV DVR systems you may already have set-up. Many of the business security cameras are Wi-Fi enabled and come with their own apps, so you can view footage on your smartphone or tablet, no matter where you are in the world. It means you don't need to pay for a security team to watch the footage at all times (though if you can afford it, that won't hurt), and you can store your videos locally with an NVR on a HD, in the cloud with mydlink or do both with a hybrid NVR/cloud recorder. The apps use Rich Notifications which send a push notification with snapshot to the mobile device the moment activity is detected. Users can react immediately without the need to log into the app by accessing the camera’s live view or calling one of two pre-assigned contacts with a single tap. Any motion-triggered recordings can be saved in the cloud, or locally on a microSD card. Indoor, Outdoor or both? Indoor cameras can be smaller, more lightweight and are usually less intrusive than bulkier outdoor cameras The primary distinction between indoor and outdoor security cameras is the types of external factors each camera has to be able to withstand. While both types of cameras usually come in similar styles and with comparable features, outdoor cameras need to be able to contend with all types of weather and varying light conditions. Outdoor cameras are also more vulnerable to being tampered with, so they are typically made of more durable materials, like metal, and may be heavier or even housed in a casing in order to discourage easy removal. Indoor cameras can be smaller, more lightweight and are usually less intrusive than bulkier outdoor cameras. Both indoor and outdoor cameras utilise features like infrared, allowing for clear pictures in low light conditions and easy transitions when there is a sudden change in light-changing automatically from colour images in bright light to black and white when it gets darker. When doing your research, features to look out for include: Wide angle lens for optimum room view or full view of the front of your property Full HD 1080p at 30fps   ONVIF compatible - Open Network Video Interface Forum - The forum aims to standardize how IP products within the video surveillance industry communicate with each other. Night vision - look at length of the night vision - 5m is about right Your options will depend on your budget and specific needs, but the above features are a great start when you come to buy.

The future of property security: In-house processing units versus cloud-based video surveillance systems
The future of property security: In-house processing units versus cloud-based video surveillance systems

Nowadays, everything seems easier in the matter of surveillance. Sophisticated technology safeguards our valuables for us without asking for anything in return. But what if it’s not true? What if it comes with a price? Video surveillance systems are a popular way to keep the property under constant control. It’s not rare that the technological sophistication of these systems puts us in awe. They make us feel, and be, safe. Yet, there are doubts when it comes to ensuring privacy. And these worries are understandable. Privacy abusers wait around every corner. Some of the fish for data coming from our monitoring systems. Should we then give up and go back to the in-person property guarding? Not really. Countless advantages make an intelligent video surveillance system worth trying. How to find the best solution within the video surveillance systems? Which system is the most secure in protecting us from the threats of privacy abuse: in-house processing unit, or the cloud? Desire for safety Every human wants to feel safe. At the bottom of Maslow's "Needs Hierarchy," there are two most essential points. We desire to fulfill our physiological necessities - the need for food, water, warmth, and rest. In the second place, also fundamental is a need for security.Security doesn’t only mean keeping burglars away from the property Today's fast-paced world changes its outer expression, yet the significance of security is constant. We crave to feel safe and we are ready to do a lot to achieve it.  The core truth to begin with when it comes to security is its definition. Security doesn’t only mean keeping burglars away from the property. If it did, we would be content with any camera surveillance system, regardless of its privacy threats. The issue is more complex. Humans value their privacy. Not only keeping our valuables safe but also being away from the sight of others matters to us. We put efforts to protect our privacy, whether it comes to houses, businesses, or sensitive data. Data privacy Why is it so important? Ongoing cases of privacy invasions prove that data finds "new owners" very fast. These data takeovers can result in a major inconvenience and robbery on a large scale. Main privacy threats are information collection, processing, dissemination, and invasion. We want to protect data obtained by video surveillance systems. Privacy and security are sometimes compared to water and oilThese are, for example, video registrations, times of entrance to the property, number and identities of visitors, etc. Privacy and security are sometimes compared to water and oil. They say you can have security but you’ll lose privacy. They say you can have privacy, but you’ll lose security. These common convictions inspired a new generation of companies to create privacy-first security solutions. They are, in other words, security systems focused on not sacrificing privacy. Cloud-based systems Most of the time, popular video surveillance systems but at the same time insecure when it comes to privacy are running on the cloud. There has been a long discussion about its safety and it continues to raise privacy concerns. These systems too often fail in ensuring privacy, and they are vulnerable to hacking. Ring, Nest, and other home security companies experienced compromising mishaps on a large scale. It's not a secret that some cloud-based companies partner up with police departments. Also, if your data is too available, tech companies can sell it to advertisers.Data uploaded onto the cloud is exposed for anyone to meddle with Data uploaded onto the cloud is exposed for anyone to meddle with. According to the book The Age of Surveillance Capitalism_ The Fight for a Human Future at the New Frontier of Power by Shoshana Zuboff “Nest takes little responsibility for the security of that information and none for how other companies will put it to use. In fact, University of London legal scholars Guido Noto La Diega and Ian Walden, who analysed these documents, reckon that were one to enter into the Nest ecosystem of connected devices and apps, each with their own equally burdensome terms, the purchase of a single home thermostat entails the need to review nearly a thousand contracts.” Security and privacy vanish once a smart home system enables remote access. In-house processing units It all leads to the conclusion that keeping data in the in-house processing unit is safer and more private. It keeps us away from the eyes of governments, corporates, advertisers, and hackers. And since the market is proactive, solutions in that department came fast. Thanks to the advances to the internet of things (IoT), edge computing, and machine learning, it will be possible in the near future to find different surveillance private-secure systems on the market. A privacy-centered "architecture" processes and stores camera footage inside the propertyThey will combine the most advanced technology with sophisticated privacy protection. In the in-house option, a privacy-centered "architecture" processes and stores camera footage inside the property. For example, one Seattle-based startup is working on a solution that uses specialised IP cameras that work in groups with an edge computing device. An AI (artificial intelligence) algorithm analyses all the footage taken by the cameras. Once it detects anomalies, it notifies the final user. Those systems don't upload any of the customers' data to the cloud, they keep privacy and all the information at the customer's home. The in-house processing unit can learn to differentiate what its user marks as important. The system captures and saves only those pieces of information. Smart surveillance systems To give an example: users who wish to know when their dog is outside can set the cameras to detect it. If they wish to turn a blind eye to burglars, they are free to do it. Smart surveillance systems work with facial matching and pose detection technology. They can detect individuals that haven’t logged on to the system. This tool respects an ethical protocol. It isn’t sensitive to a specific gender, race, or age. Its purpose is to detect behavior identified as suspicious without targeting individual identities. By identifying people who aren’t a part of your daily routine, the system cuts any kind of security risk. The in-house processing unit video surveillance systems "do the watching" for you. The newest in-house processing unit video surveillance systems will sharpen the feature of crucial importance - privacy protectionThat revolutionises the way we think about security. The system that integrates all the security visual sensors into the “brain” of the system is the smartest and safest idea on the market. This “brain” later decides whether to notify the user about the potential danger or let it go. It deletes every irrelevant piece of data on the spot. This kind of cognitive machinery saves both your time and bandwidth. Thanks to them, you get rid of unnecessary alerts. The newest in-house processing unit video surveillance systems will sharpen the feature of crucial importance - privacy protection. The newest technology offers a plenitude of sophisticated surveillance methods. Our task is to choose the right one. The one that not only protects our properties and valuables but also our privacy. 

Key considerations for robust residential security
Key considerations for robust residential security

In the UK, one burglary occurs every 106 seconds. This means by the time you've finished reading this article, at least three will have taken place. Selecting robust physical security options to protect property boundaries and homes is essential to limit crime rates and deter opportunistic intruders. With 58% of burglaries said to take place while the homeowner is in, it seems that even the second wave of lockdowns, and an increased number of people confined to their homes, won't do much to eliminate the risk of burglary. Prioritise security for peace of mind Security is paramount, and in the case of new build projects, should be considered from the very beginning of the design process, not as an afterthought. When it comes to securing pre-existing buildings, there are countless security options which will ensure the perimeter is robust enough to withstand opportunistic attacks. It's also worth noting that security features don't have to be complicated. There are plenty of high-tech digital systems flooding the market, which can go a long way to reduce the risk of burglary and will provide peace of mind to the end user. However, this article will demonstrate how traditional security measures, such as high-quality perimeter fencing, can ensure practical safeguarding of properties for years to come.  Selecting robust physical security options to protect property boundaries and homes is essential to limit crime rates Timber! There are a number of different materials which can be specified to create a strong boundary. From metal railings, to timber fence panels, they will each help deter criminals somewhat. Wooden fence panels are a popular choice for their appearance, and the right product and installation can help to increase security.Our timber acoustic fencing can also reduce noise by up to 32dB and has a solid face with no hand or footholds, while still retaining the attractive natural timber aesthetic of a typical garden fence. However, maintenance is key, and one of the first thing burglars will notice is the condition a fence is in, rather than a particular style. Therefore, old, broken or rotten fence panels are a green light for opportunistic thieves. These can be easily broken or bypassed with minimal effort. When specifying fences as part of a new build housing development, we would suggest opting for high-quality timber, as this will ensure that it is protected against rot. Look for products with an extended guarantee or those that don't need additional treatment over the years. The condition of the fence should still be regularly inspected, and simple methods such as clearing piles of leaves away from the base of the boundary can help to prevent rot which weakens the timber.  Securing fence panels The recent rising cost of timber has led to a dramatic increase in fence panel theft, and panels that can be lifted from the posts are an easy target. Mitigate this risk by screwing the fence panels into the posts. This makes it much harder for the panels to be removed from the posts and creates a more secure barrier.  Concrete posts do offer benefits, but we always advise on timber posts for any fencing. They're strong, just like concrete, but they continue the same natural theme as the rest of the fence. Moreover, if you screwed the panels to concrete posts, they would most likely crack and become damaged, and then be at risk to the elements.  Astute design Design is also important. Installing fence rails on the inside of properties to prevent them from being used as climbing aids is highly recommended. Even better, using panels without rails on high-end developments is a clever tip if you want a secure fence with a high-spec look. Security features don't have to be complicated High fences with solid panels and no gaps in between make it considerably harder for potential burglars to climb over. They also offer better privacy to conceal rear garden areas from intruders, and are much sturdier than other alternative panels.  One common mistake is designing in features such as trees or children's climbing frames too close to the boundary. These can be used by burglars as climbing aids when attempting to scale the fence, making access easy. Investigate the surrounding area, which flanks the outside of the property boundary, as an unfortunately placed bin or bench can also help criminals gain entry. If the removal of these items is not possible, designing in a spiky bush can help deter intruders. It's also worth noting that gardens with numerous large features such as bushes or sheds can also negatively impact the level of security. A clear line of sight across the entire garden is highly recommended where possible. If this view is blocked, it's considerably easy for intruders to hide undetected. Front gardens  While tall, solid fence panels are recommended for rear gardens to prevent intruders from being able to see in and climb over, the opposite is true for front gardens. For street-facing gardens, a low fence or hedge is recommended to provide a clear view from the house. It also makes it much harder for intruders to hide from passers-by or neighbours, who can raise the alarm during a burglary. Another useful security technique to consider is a gravel drive. These create noise, which means the homeowner will know when it is in use. Pair this with a strong boundary fence, the likelihood of burglary dramatically decreases. This article only scratches the surface in unveiling the sheer volume of effective home security options on offer to protect homes and gardens. These investments can help minimise the risk of traumatic break-ins, while also simultaneously boosting the aesthetic of the property and its surroundings.