Arm Newsroom Blog

Certification and Collaboration Key to Closing IoT Security-Perception Gap

When it comes to security today, says David Maidment, Arm's director of secure devices, there’s perception and then there’s cold, hard reality.
By David Maidment, Director of Secure Devices Ecosystem, Arm

Here’s the reality: Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, which is triple the 2015 figure. To get a sense for how pervasive the problem is, Symantec set up a “honeypot” system that detected almost 19 million attacks on its IoT devices in the first quarter of 2020. That’s more than 100 attacks every second of every day, up 13 percent compared with the previous year.

When it comes to IoT security, most of us are familiar with these types of data hacks. But when it comes to trying to make a dent in those trends, perception is a problem. A new report just released by PSA Certified suggests some positive trends: The vast majority of executives know IoT security is a critical issue they need to address today. In fact, the report, Bridging the Gap, indicates that 90 percent of technology decision-makers believe IoT security to be important to their company, for reasons including product differentiation and legal protections. In addition, 90 percent agree security will be important to their company five years from now.

Smaller companies struggle with security

But there are more worrying trends: Nearly 90 percent believe their organizations are either on track or ahead of the pack when it comes to security implementations on IoT devices. This rate is higher for respondents in large organizations than for those in smaller companies (1-49 employees), where less than half are satisfied with the level of security expertise in their organizations. Smaller companies tend to struggle with security implementations because of cost, limited resources and the difficulty of hiring security experts into their teams.

These are all significant numbers, but here’s where the disconnect comes in: Fewer than half (47 percent) carry out a threat model as part of the design of each new IoT device. Only one in three smaller companies does this. In addition, factors such as upfront cost and potential financial liabilities are challenges for companies trying to expand their security efforts.

According to respondents, software is by far the biggest challenge in securing systems, but more and more people acknowledge the importance of rock-solid hardware security. The vast majority see a Root of Trust (RoT) as important in their designs, and respondents are starting to see software, chip and device as all playing vital parts in the security equation.

This is a key transformation in industry thinking, which stretches back to Arm’s first Security Manifesto, released in 2017 (and revised in 2018). That ground-breaking document championed a collection of beliefs including that security is a collective responsibility and that no company is exempt from the Social Contract with users.

Eighty-four percent see value in industry certification

Encouragingly, respondents see a path toward more cohesive and coherent industry-wide security, even though many tend to agree that fragmented standards are an issue today. Eighty-four percent see value in the role of industry certification as part of their security efforts and an identical percentage of respondents see value in industry collaboration and cross-market knowledge sharing to improve IoT security. Yet, today, only half use external lab testing as part of their security protocols.

There’s work to be done indeed. PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standardized resources to help resolve the growing fragmentation of IoT requirements and ensure security is no longer a barrier to product development.

PSA Certified consists of a four-step program that guides OEMs through the security design and development process: Analyze, architect, implement and certify. Adherence to PSA Certified protocols embeds security into the beating heart of products and can protect brands, bolster revenue, enhance a company’s reputation and even act as a key selling point.

Read the PSA Certified Security Report 2021

As we look to the future of our connected world, it is pivotal to understand the challenges ahead. The inaugural PSA Certified Security Report 2021 takes a look at what is needed today to equip manufacturers with the skills to secure tomorrow.

Any re-use permitted for informational and non-commercial or personal use only.

Editorial Contact

Brian Fuller and Jack Melling