From: Harvard Business Review
The problem is that many IoT devices are not designed or maintained with security as a priority. According to a recent study by IBM Security and the Ponemon Institute, 80% of organizations do not routinely test their IoT apps for security vulnerabilities. That makes it a lot easier for criminals to use IoT devices to spy, steal, and even cause physical harm.
Some observers attribute the failure to the IoT gold rush, and are calling for government to step in to regulate smart devices. When it comes to cybersecurity, however, regulation can be well-intentioned but misguided. Security checklists that are drafted by slow-moving government bodies can’t keep up with evolving technology and hacking techniques, and compliance regimes can divert resources and give a false sense of security. Add up all the different federal, state, and international agencies that claim a piece of the regulatory pie, and you get a mishmash of overlapping requirements that can confuse and constrain companies — but leave hackers plenty of room to maneuver.