With today’s looming cybersecurity threats and frequent cyberattacks emanating from IoT devices, industry leaders must take a look at the state of IoT security and enhance security across industries – it’s far overdue.

Just look at the data: vulnerabilities impacting connected IoT, IT, and medical devices rose 34% in the second half of 2021, and a recent survey of those responsible for industrial IoT and operational technology found that 94% had experienced a security incident in the past year.

If this wasn’t enough, as connected devices have taken on crucial roles in many industries – from agriculture to manufacturing, to energy and supply chains – the IoT security landscape has become more and more fragmented, complex, and confusing with regulations varying across nations, industries, and organizations.

Today we need unity and a path to navigate the fragmented ecosystem, and there are three ways we can get there:

• Collaborate.

It’s clear we can’t succeed as individual organizations. More organizations need to join forces around the common goal of bettering IoT security, and in turn, safeguard critical infrastructure that impacts the livelihoods of individual people, businesses, governments, and economies. To continue making headway, collaboration needs to stay at the forefront of future and security-minded strategy.

Join an alliance, exchange ideas about security solutions, and pursue the implementation of industrywide accepted standards focused on certification, compliance, transparency, and visibility.

Commit to data sharing. For too long organizations have kept critical information in silos, limiting the global industry’s ability to better understand the vulnerabilities and risks we all face. Sharing data creates faster action to mitigate risk, and ensures testing and third-party validation meet the appropriate baseline security requirements.

Working together will help us get ahead of attackers seeking to exploit the weaknesses in the current fractured environment.

• Promote transparency.

Third-party testing and validation enables peace of mind for organizations, partners, and customers alike as hackers continue to grow bolder in their targets and the sophistication of their strategies. 

Start with transparency. If we had an industry-wide requirement for businesses to implement security standards for IoT devices before going to market and make them transparent to customers, such as certification and the standards, then customers would understand the benefits and wouldn’t accept any other alternative. This would let the industry better manage risk by maintaining a standard level of security across all IoT devices, and customers to hold businesses accountable to such standards. 

• Support harmonized IoT security guidelines.

For the most part, global IoT security regulations are fragmented and limited. They’re confusing to navigate and require an exhaustive research process to understand which applies to the company’s devices, customers, and industry – adding too much unnecessary noise to be practical, let alone efficient.

We need alignment not just to fight back against hackers exploiting vulnerabilities in untested IoT devices, but also to fuel innovation. Without global, synchronized security standards, IoT won’t have the runway it needs to evolve. It will become a detractor rather than an enabler.

With simple, predictable, and unified IoT security guidelines, we can ensure security becomes part of IoT development from start to finish.

• The future of IoT security

Without industry-wide collaboration, buy-in of harmonized standards, and the exchange of data and best practices that fortify IoT device security, we’ll continue to see increasingly devastating attacks, and we’ll also debilitate the evolution of IoT into more critical and impactful applications.

If industry leaders can’t pave a path forward or join such groups that already engage in data-sharing and synchronized security guidelines, we’ll continue to bear witness to detrimental consequences that strike at the hearts of businesses and personal privacy, as well as governments, economies, and resources.

IoT security depends on all of us working together in a unified front against the attackers seeking to exploit IoT vulnerabilities, but also against the patchwork of IoT security regulations that burden organizations who are trying to do right by their customers.

By coming together around harmonized IoT security guidelines, we can better contain risks, ensure transparency, and open up the future potential of IoT.

Grace Burkard, director of operations, ioXt Alliance