2020: It’s Time to “Walk the Walk” When it Comes to Software Security
2019 demonstrated that the adoption rate of consumer IoT devices continues to increase. From new doorbells with cameras that connect to smartphones, to advanced TVs and refrigerators that are making the smart home a reality, consumers have access to more connected devices than ever before. But, with this continued IoT explosion sparked by the age of convenience also comes a new, diverse set of security challenges for both vendors and consumers to overcome.
Beyond vulnerabilities in IoT devices, the security risks associated with the usage of APIs continue to increase, primarily due to the lack of secure coding practices and the fact that API implementations abound. APIs are a foundational element in today’s app-driven world. From financial and retail to autonomous vehicles and smart-city use cases, APIs are a critical component of modern innovation, and the security of APIs has never been more important.
As I reflect on the widespread vulnerabilities in IoT devices and the prevalence of weak API implementations in organizations that rely heavily on their benefits, I’ve laid out a few expectations for what we can expect to see unfold for the IoT and API landscapes in 2020 and beyond.
While we saw IoT vendors “talk the talk” about the importance of IoT security and privacy in 2019, it hasn’t translated to them “walking the walk” yet and truly prioritizing consumer security equally with profit.
With consumers becoming more aware of IoT security issues, vendors will be forced to take greater responsibility for certifying that their devices are secure in 2020 and beyond. On the other end of the spectrum, I also expect end-users to take a greater interest in researching vendors’ security track records and credibility before purchasing IoT devices for their own personal use. This could ultimately lead to irresponsible vendors quickly finding their products stacking up in warehouses and on store shelves, as consumers avoid purchasing technologies they’ve heard were involved in some sort of hacking incident.
In the year ahead, API abuses will become an even more prominent catalyst in data breach occurrences within enterprise applications. Today, there’s almost no way to develop a modern application without some sort of API integration; adversaries are taking note, as they're setting their sights on this emerging attack frontier.
API security education will be paramount in 2020 and beyond in order to reduce the related risks and the vulnerabilities that cause them. Developers should leverage resources available to them in order to track the risks that organizations face concerning their usage of APIs.
What This Means for IoT Manufacturers, Developers, and Security Professionals
Across the industry, a pretty clear shift took place in 2019, whereby security appeared to be top of mind for more than just security professionals, as developers and company executives realized they are ultimately responsible for the security issues they cause and often experience. Even IoT manufacturers are increasing their own awareness. This is driven primarily by consumer demands, regulatory requirements, and increasing competition. Compared to even just a year before, most have a much better understanding that information security attacks are here to stay, and that steps need to be taken to address the evolving threat landscape.
With that said, we still saw very little action actually taking place to address these clear and obvious issues. The real work begins when we start turning the security tide from reactive to proactive as an industry. As we enter a new decade, it’s time for organizations to move beyond naivety and tackle information security issues head-on.