Connected devices invite attackers, making the Internet of Things (IoT) a worrisome trend from a security perspective, said Ted Harrington, executive partner at Independent Security Evaluators, speaking on a panel at SC Congress Toronto.
In reality, he said, many companies don't take security into consideration during the planning and building phase of new devices.
“Security should be built-in and not bolted on,” he said.
Oftentimes, the rush to get products to market has teams pushing security aside and focusing instead on other priorities, such as user experience.
Harrington said considering security at the start of a project doesn't have to mean allotting extra time; rather, it requires asking simple questions. At the start, ask what product is being built and who the primary users will be. Then talk about the assets the device will access and which adversaries would want to access them. From that, build a threat model and use it during the production process.