Organizations globally cannot ignore the threats that present themselves when using solutions and devices on the internet of things (IoT), Kasia Hanson at Intel says.

A connected world with the IoT

Today, AI is driving transformation across all industries in the internet of things (IoT), fostering self-healing systems and new revenue streams by applying intelligence locally on even the most regulated data.

This transformation is reflected in IDC’s report that over 56% of enterprises plan to deploy AI at the edge within a year.

As they do so, network infrastructure and edge AI will become more intwined, because the decentralized nature of AI necessitates a sophisticated, real-time software-defined network fabric.

Yet while the rapid digitalization of the network and edge presents significant opportunities for organizations in every industry including security, it’s also leading to an exponentially expanding attack surface.

This, in turn, increases security challenges, with risks like zero-day exploits, combinatory threats and geopolitical issues leading to cyber-attacks.

These threats impact cities, businesses in all vertical segments in the IoT and infrastructures globally, and organizations underestimating or ignoring these risks face significant impacts.

AI represents a new level of danger

These threats become even more critical as AI – especially generative AI (gen AI), moves closer to the edge where the data is generated.

It is not an overstatement to say that a compromised gen AI model could yield catastrophic results.

Most organizations – even those that understand how crucial security is – don’t fully grasp their current vulnerabilities or the solutions they need to keep up with evolving threats.

They simply “don’t know what they don’t know,” which can lead them to wonder if the solutions they choose today will be strong enough to handle tomorrow’s unparalleled risks (as well as the regulations designed to mitigate those risks).

Defense starts with a strong foundation

Today’s IoT technologies have created transformative benefits for society, such as the convenience, efficiencies and insights gained through cloud computing, AI and machine learning.

Yet they’ve also generated a massive amount of new security risks, with multiple points of entry for threat actors.

These risks apply to nearly every organization including smart cities – and they aren’t going away. 

It is estimated 93% of networks are vulnerable to cyber-attacks and by 2031, new ransomware attacks are expected to happen every two seconds.

While traditional software-based approaches to cybersecurity once provided adequate protection for organizations, today’s threat landscape demands a different approach – layers of defense.

Security must start with the silicon – the essential building block to create hardware with an innovative mix of purpose-driven architecture to accelerate software’s capabilities while hardening defenses down the compute stack.

Also, IoT products must be designed and rigorously tested to withstand evolving security threats and meet increasingly stringent government regulations.

These products can then become foundational technology for security solutions, co-engineered with trusted partners who belong to a robust ecosystem.

Embracing security

ABI Research recently released a study on “Embracing Security as a Core Component of the Technology You Buy”, sponsored by Intel.

In this study, ABI assesses the importance of integrated product security and supporting programs that ensure products are safe and secure as a foundational security posture.

Excerpt from the ABI Report (2024):

Due to the rapidly evolving cybersecurity landscape, and the effort by hostile actors to find and exploit reported software and hardware vulnerabilities, companies are facing more sophisticated threats.

While IT departments are using security assurance to help secure their systems, technology vendors are applying enhanced security assurance practices to proactively improving the resilience of their products and their responses when a security vulnerability is found in a product.

Product security assurance spans both hardware and software, consisting of people, practices, and processes that act as the first line of defense in any technology system.

Systems, after all, are only as good as the components they are made of.

Vendors must take a layered approach to product security assurance and invest in the personnel and processes, in addition to the technologies to embed security throughout operations and product development lifecycles.

Security assurance is proving to be particularly vital in the chipset industry.

Device supply chains are becoming more complex, raising concerns about counterfeiting, data exposure, and component substitution.

Enforcing standards and regulations has, therefore, become challenging due to the lack of full transparency and visibility in the supply chain.

As a result, demand is growing for holistic product security assurance frameworks that instill high levels of confidence in customers.

ABI Research sought to understand the product security assurance landscape from the perspective of enterprise customers, as well as the chipset semiconductor vendors that need to ensure that the most robust security assurance framework is in place.

A survey of 302 enterprise customer-based respondents was conducted to gain insight into how they view the product security assurance of the technology equipment they are purchasing.

ABI Research delved into the issues, concerns, and priorities enterprise customers have regarding the security of the Information Technology (IT) equipment they are purchasing.

A mature Secure Development Lifecycle (SDL), bug bounty programs, well-structured internal product security training, and industry engagement are critical processes for implementing security assurance and compliance requirements into all stages of product development.

These areas were raised as important distinguishing factors for a strong security posture in the survey.

Some of these practices, like SDL, were also seen as the capability that needed the most improvement and transparency from technology vendors.

Further in the report, ABI shares in the release that Intel product assurance leads the silicon industry and has a strong foundation built from mature SDL, Product Security Incident Response Team (PSIRT), and bug bounty programs.

Overall, the company continues to push the industry forward in product security assurance as a semiconductor leader.

As the security industry evolves into physical-cybersecurity convergence, starting with a strong product assurance foundation is critical.

This creates a solid foundation to build layers of defense as threats increase.

We invite technology and security practitioners to view the report here.

This article was originally published in the July edition of Security Journal Americas. To read your FREE digital edition, click here.