Why connected objects are not secure when solutions on the internet exist and are widely used ?
FOCUS ON THE BUSINESS - IoT Manufacturer focuses on his own business functionalities with Time-to-market and cost constraints. Security is not part of his focus.
LACK OF SECURITY EXPERTISE - Security requires a complex expertise not present in the IoT players trades. A security expert addition to the team is expensive and, because the time-to-market pressure and lack of threat awareness, manufacturers decide to overpass the problem.
LACK OF STANDARD SECURITY SOLUTION FOR IOT - Current security solutions must be resized and adapted to the constraints of IoT. IoT end-devices are not in any security perimeter. Thus, a conventional firewall can not be used for its protection. In addition, the solutions must be thin enough to be supported by connected objects which, for the most part, are extremely limited in terms of CPU, memory and connectivity.
LACK OF THREAT AWARENESS - It is not intuitive to understand the threats represented by the connection of an object to Internet. Often, the manufacturer thinks that only the data contained in its object can be threatened by its connection to the Net and just protects them or decides that they are not critical. He does not understand that his device can be a Trojan horse to penetrate the system (house, factory, company) or to serve as an army soldier of thousands of objects to attack highly sensitive targets on the Net ( DDoS)