The new ‘Internet of Things’ world is characterized by millions upon millions of connected devices. With more insecure devices and network access points than ever before, ‘Secure-by-Design’ principles are essential for protecting against growing cybersecurity threats.
Over the last few years, digital technologies have transformed the world, affecting all sectors of business activity and daily life. The result is an Internet-of-Things (IoT) world, where everything is instrumented and interconnected.
By the end of 2018, there were an estimated 22 billion IoT-connected devices in use around the world. Forecasts suggest that this figure will increase to 50 billion by 2030 – creating a massive web of interconnected devices. 
To support this highly connected future, thousands of Internet-of-Things (IoT) devices are connected to networks every day. Additionally, appetite for new features and functionality has created a ‘need for speed’ in terms of the development and deployment of new types of devices.
The rapid growth of complex, connected devices
Many IoT connected devices are now highly complex, incorporating advanced AI algorithms and other next-generation features.
IP-based video security cameras are a good example of this. Over the last 15 years, they have evolved from simple analog video cameras, into complex, fully digitalized IoT devices driven by machine learning (ML) and artificial intelligence.
Like other types of devices, evolution has been driven by customer demands for improved functionality and connectivity. This demand also created urgency in the development process, with providers competing to offer the most advanced features as fast as possible to win customers and market share.
Balancing development speed with security considerations
The race to develop more feature-rich, more connected IoT devices has fulfilled customers’ operational needs, but there have often been compromises in terms of security.
After all, building security into all aspects of the production process takes time – a precious resources that is not always available. Because of time pressures, several device manufacturers have opted for development and production speed over security.
The consequences: a global spike in cybersecurity incidents
The consequences of speed over security has been an enormous increase in serious IoT cybersecurity incidents. Cybercriminals have been able to access millions of IoT devices relatively easily, simply because these devices were not developed and produced with security-in-mind.
By the end of 2016, for example, the Mirai Botnet had become world news and IoT security started to get some serious attention. This is a clear example of what can go wrong when insecure IoT devices like baby monitors, network routers, agricultural devices, medical devices, home appliances, DVRs, cameras, or smoke detectors are connected to the internet without proper security provision.
In the case of Mirai, attackers were able to hack into millions of insecure IoT devices – in this case, cameras. They then used the combined computer power of the devices to launch targeted DDoS (Distributed Denial of Service) internet attacks.
And the lesson still hasn’t been learned
Unfortunately, many more cyber incidents with IoT devices have happened since 2016 – and continue to happen every day. Security researchers from F-Secure issued a warning in 2019, that cyberattacks on IoT devices are growing at an unprecedented rate. They measured “a three-fold increase in attack traffic to more than 2.9 billion events.”
In the research, this growing threat was attributed, in part, to “a basic lack of defenses in ageing firmware or architectures, and part down to a lack of info-security housekeeping. Often IT departments are not even aware of all these devices on their networks.” 
The critical importance of ‘Secure-by-Design’ production
One key way to prevent damaging attacks on IoT devices is to improve the defenses of these devices. Unfortunately, it is extremely hard to add effective security after the IoT device is produced and/or installed. Instead, the most effective way to prevent breaches is to implement security during device production – often known as ‘Secure-by-Design’ production.
Secure-by-Design is about building security into every stage of the production process, from the conceptual phase to the final delivery phase – as shown in the graphic below: