{"id":22726,"date":"2021-04-06T07:26:00","date_gmt":"2021-04-06T07:26:00","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/security-trends-to-prepare-for-in-2021\/"},"modified":"2023-08-28T07:04:56","modified_gmt":"2023-08-28T07:04:56","slug":"security-trends-to-prepare-for-in-2021","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/security-trends-to-prepare-for-in-2021\/","title":{"rendered":"Security Trends To Prepare For In 2021"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

After the recent SolarWinds1 hack that impacted the United States federal infrastructure and organizations globally, perhaps now is the time to look at what to expect in embedded-system security this year. Here are seven insights and predictions about how security will be at the forefront of technology at every level, starting with each individual chip, in 2021.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

1. Security will go mainstream.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Among chip vendors, right now we see security in high-end, next-generation, expensive devices that vendors are pushing to companies who need security. Security must be inherent in low-end chips as well\u2014whether it\u2019s an $0.80 or $8.00 microcontroller, they all need to have some level of security.<\/p>\n

While some vendors are making this happen, most are not. Granted, this isn\u2019t black and white. It varies based on what you are protecting, who you\u2019re protecting it against, and the value of what\u2019s being protected. Regardless, every device must have a certain hygiene level that\u2019s higher than it is today. Security must become mainstream, which is where most of the chips used reside, at the one, two, and three dollar range.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

2. We will see the first $100 million dollar hack.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

If we look at the biggest attacks of 2020, one of the biggest was at Norsk Hydro, an aluminum processing plant. It\u2019s estimated that the cost of the impact and rebuilding of their systems, including virtually every system, right down to the digital clock on the wall, was over $55 million. The company did the right thing, it was attacked with ransomware and chose not to pay. They had to return to manufacturing big rolls of aluminum using paper manuals as every system was locked down.<\/p>\n

In 2021, we will likely see that cost double due to systemic attacks. In addition, as systems are becoming so entwined, a rogue attack on a commercial target could bring down entire smart city infrastructure and transportation systems. This will no doubt have enormous implications in cost, productivity, and more.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Security\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

3. The C-Suite will be liable for security.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Whether you\u2019re a Chief Information Security Officer (CISO), CEO, COO, or a board member, the responsibility and liability for product security resides with you. No longer will liability be held with the corporation; instead, it\u2019s transitioning from the company to personal liability. If a company has a breach, the CEO\u2019s job will be on the line.<\/p>\n

We\u2019ve come to this point because cost-sensitivity, while important, often leads to cutting corners to get products out competitively priced. Often security is one of the casualties.<\/p>\n

By transitioning ownership to the C-Suite<\/a> and placing responsibility there, the industry will change. Gartner predicted that 75% of CEOs will be personally liable for cyber physical incidents by 2024.2\u00a0They also predict that the financial impact of cyberattacks will reach $50 billion by 2023. The C-Suite will no longer be able to plead ignorance or hide behind insurance policies.<\/p>\n

Today, companies take out insurance against being hacked, but what happens when your products enable your customers to be hacked? Your liabilities skyrocket. And if you didn\u2019t take the steps needed to prevent it, no insurance companies will cover the losses. The C-Suite will be held accountable. It will be interesting to see what happens following the nation-state sponsored SolarWinds attack and whether this finally moves the focus onto the executive team taking responsibility along with punitive consequences.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

4. IoT hacks will go mainstream.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

So far, most hacks have been in niche products, but there\u2019s a very clear expectation that these will go mainstream. For example, Ring doorbells had real problems recently with the fact that they\u2019re enabling enforcement agencies to backdoor into cameras. Thus, the police had access to people\u2019s videos from the doorbell cameras. If you know what you\u2019re signing up for, then that\u2019s one thing, but in actuality, very few people are aware of the impact on privacy and how they\u2019re monitored. If you can have a backdoor for the police, there\u2019s a potential that other third parties can get in as well. The privacy consequences are scary and huge.<\/p>\n

IoT can be misused. For example, if someone is in a coercive relationship, IoT goes from something that lets you turn on your heat, to a way of monitoring your partner and enforcing limits. It becomes something dangerous. You can know when they leave the house, which rooms they go in, or whether or not they\u2019ve done the housework. It turns something positive into a dystopian nightmare.<\/p>\n

There\u2019s huge ability to misuse IoT in same way that the Internet can be misused. Every advanced tech has two edges. If an IoT hacker can gain control over a connected doorbell, they can use it to plan robberies, start fires, and do virtually anything a criminal mind could imagine.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

5. Tech will need to define a better secure supply chain, globally.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Companies source chips, subassemblies, and other devices from different manufacturers that ultimately are integrated into an end product, such as a vehicle. During this process, at every step along the supply chain, security must be mandated. You must know what\u2019s in your product because you have to take responsibility for it.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Supply\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Frameworks are evolving from organizations like the IoT Security Foundation, which require identity to be built into a product and included in a manifest of how they\u2019re created. Companies will have to demonstrate how a product is managed throughout its entire lifecycle to ensure it\u2019s not cloned, not counterfeit, etc., and that it\u2019s secure. The tech world will have to learn from the food industry and the ways they can trace food, from farm to table, so that if something goes wrong, every product that could be impacted can be identified.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

6. All development will become security-centric.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Security-centric means setting policy at the C-suite level to create a secure supply chain where companies can manage the content in each product as well as the development, upgrade programs, and protect its IP. These policies must ensure security at every step, from design to delivery, and prevent hacks or backdoors.<\/p>\n

In reality, mistakes happen\u2014software is complex. When they do, the policy must ensure that updates are provided securely and in a timely way. Therefore, only the right updates with the right versioning from the right vendor can be applied with proper encryption technology. Security needs to become part of development flow, not separated. Protecting code means protecting customers.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

7. Device-to-cloud capability will become standard.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Every consumer device generated will inherently be cloud native. We must have a mechanism so that every connected device\u2014light bulb, oven, freezer, car, whatever\u2014is easily connected to the cloud. This means each must have an built-in, cloud-native identity that\u2019s transparent to the consumer. Then, a consumer can choose who to work with; e.g., they may use Verizon, then move and change to T-Mobile. This means devices must be smarter, with the ability to be re-sited, to be decoupled by one person and re-coupled by another,<\/p>\n

For example, if you own a refrigerator, you may donate it or sell it when it\u2019s replaced. This requires a smart device with multiple levels of identity\u2014the inherent identity for the original owner, which can be killed and replaced by a new one from a new owner, and it\u2019s all transparent to the consumer. That means we have to think through the device-to-cloud identity, provisioning, and build, so that we can enable it.<\/p>\n

Overall, there\u2019s a quite a bit to accomplish in terms of security in 2021. The good news is that we have the capabilities and minds to do it. As the year goes on, it will be interesting to see how these predictions and insights take shape.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

References<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

1. https:\/\/www.zdnet.com\/article\/solarwinds-the-more-we-learn-the-worse-it-looks\/<\/a><\/p>\n

2. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-09-01-gartner-predicts-75–of-ceos-will-be-personally-liabl<\/a><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Here are seven insights and predictions about how security will be at the forefront of technology at every level, starting with each individual chip, in 2021.<\/p>\n","protected":false},"author":1099,"featured_media":19093,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[945,1477,287,350,409],"ppma_author":[3831],"class_list":["post-22726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-c-suite","tag-embedded-system","tag-iot","tag-security","tag-technology"],"authors":[{"term_id":3831,"user_id":1099,"is_guest":0,"slug":"haydn-povey","display_name":"Haydn Povey","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2021\/05\/Haydn-Povey.jpeg","user_url":"https:\/\/www.securethingz.com\/","last_name":"Povey","first_name":"Haydn","job_title":"","description":"Haydn Povey is Founder and CEO at Secure Thingz that focuses on bringing security to the forefront of the design process."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/1099"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=22726"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22726\/revisions"}],"predecessor-version":[{"id":31648,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22726\/revisions\/31648"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/19093"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=22726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=22726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=22726"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=22726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}