Attack highlights need for greater security

The recent DDoS (Distributed Denial of Service) attack leveraging connected devices manufactured by Chinese manufacturers of network connected video surveillance cameras has triggered massive market attention in recent weeks.

China will continue to play a key role in the manufacturing of end points to drive the worldwide IoT market. This incident will likely highlight the need for worldwide, consistent security standards as a requirement for connected device manufacturers, especially those competing in the international marketplace.

One of the key reasons for the rapid adoption of IoT is the prevalence of "things" (aka connected devices) that can connect to networks to both provide detailed data and respond to control signals. The lowered barriers to adoption coupled with increasingly attractive benefits have fuelled the rapid installation of many "smart" devices by many companies.

However, are these "smart" devices really smart and secure? The short answer is no. IoT exposes non-traditional and noncomputing devices such as home automation systems, electronic goods, which are connected on the network - making security very challenging as it may not be as easy as upgrading anti-virus and malware protection software.

Many IoT device manufacturers, especially those who manufacture consumer-facing devices, are inexperienced in handling IP-connected devices. More importantly, these manufacturers are neither ready nor prepared for the harsh security reality of connecting previously "dumb" objects, resulting in disastrous consequences, such as turning "things" into "bots" or being exploited as entry points into enterprises/Commercial Service Providers' networks.

The Chinese market accounts for a large proportion of the worldwide IoT market and is growing at a robust compound average growth rate. More importantly, lots of IoT device manufacturers are coming from China.

The recent DDoS attack will likely highlight the need for worldwide, consistent compliance to require all the IoT device manufacturers, especially when some of them want to be an international supplier.

Many of the security market players' offerings ignore or marginalize the end point, focusing instead on securing the platform, communications and application layers, rather than the device layer.

Looking forward, manufacturers of IoT devices must calculate the cost of adding security, factoring in the impact associated with tampering, fraud and public safety.

Similarly, regulators, enterprises and CSPs should work together to provide specific guideline or compliance considering the overall security, patch management and authentication of all connected devices.

The author is senior research manager, IDC Asia Pacific.