The table below lists popular security attacks over the years.
Sl. No. | Year of Attack | Attack | Affected Devices |
---|---|---|---|
1 | 2018 | Z-Wave Hack | 100 million |
2 | 2018 | Meltdown / Spectre | Nearly Every Computer |
3 | 2017 | KRACK | Nearly Every WiFi |
4 | 2017 | Infineon ROCA | Chromebooks and Windows devices made by Fujitsu, HP and Lenovo |
5 | 2017 | BlueBorne | 8.2 Billion Devices |
6 | 2017 | WannaCry | 300 K devices |
7 | 2016 | Mirai | 2.5 M devices |
8 | 2014 | Heartbleed | 200 K devices |
9 | 2010 | Stuxnet | 2.5M devices |
According to Symantec's 2018 Internet Security Threat Report, internet security attacks increased by 600 percent.
Security breaches are not cheap
According to www.ncxgroup.com:
“A new survey by Altman Vilandrie & Company finds that nearly half of U.S. firms using an IoT network have been hit by a security breach, which can cost up to 13% of smaller companies' annual revenue.
48% of organizations have experienced at least one IoT security breach.
Nearly half of companies with an annual revenue above $2 billion estimated that the potential cost of one IoT breach is more than $20 million.”
Federal Trade Commission (FTC) on Security
According to the FTC:
“For systems with significant risk, companies should implement a defense-in-depth approach
companies should build security into their devices at the outset, rather than as an afterthought. As part of the security by design process, companies should consider: (1) conducting a privacy or security risk assessment; (2) minimizing the data they collect and retain; and (3) testing their security measures before launching their products. Second, with respect to personnel practices, companies should train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.”
Defense-In-Depth
Defense-in-depth demands:
- Secure communication layer ‒ TLS
- Secure Application Layer ‒ Secure the data
- Limiting data collection to what the application needs
- Encrypting all collected data in transit and protecting it in storage
- Sometimes each record needs to be encrypted individually
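
The last two points, as an added example that is not part of the original article: each record is sealed individually with AES-GCM before storage, and the record ID is bound as associated data so a ciphertext copied into another record's slot fails authentication. The function names, record IDs and demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewRecordAEAD builds AES-GCM from a 16-, 24- or 32-byte key.
func NewRecordAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord encrypts one record under a fresh random nonce and binds the
// record ID as associated data (authenticated, not encrypted).
func SealRecord(aead cipher.AEAD, recordID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil // nonce || ciphertext || tag
}

// OpenRecord authenticates and decrypts a blob produced by SealRecord.
func OpenRecord(aead cipher.AEAD, recordID string, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, errors.New("record blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(recordID))
}

func main() {
	key := make([]byte, 32) // constructed demo key; a device would load it from protected key storage
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aead, _ := NewRecordAEAD(key) // a 32-byte key is always accepted
	blob, _ := SealRecord(aead, "patient/17", []byte("bp=120/80"))
	_, err := OpenRecord(aead, "patient/18", blob) // same blob moved to another record
	fmt.Println("moved record rejected:", err != nil)
}
```
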
Security Needs
OEM Perspective:
- To protect the ecosystem with secure firmware data loading (Secure FOTA)
- Authenticated, genuine firmware to be executed by the hardware.
- Recurring revenues from licensing, accessories, and disposables/consumables
End User Perspective:
- To protect their stored identity information (bank details, medical information, etc.).
- To protect the stored identity information of their loved ones.
- To protect their private data if the device is stolen.
Service Provider Perspective:
- To protect access to their services (mobile data, etc.)
Although security is everyone's responsibility, it is the OEM's brand that will be seriously harmed in any of these insecure environments. So, it is the OEM's responsibility to address them all.