Security by design, an approach that seeks to make systems free from vulnerabilities during product design, is gaining popularity in the IoT world. Setting a strong security foundation and designing for privacy is necessary. However, this is just the first step towards achieving viable, long-lasting protection; even the most robust penetration testing regime does not help adapt to unknown attack vectors. In a world of an ever-changing IoT threat landscape, “security by design” is just the tip of the iceberg.
The next level of IoT security requires automatic and large scale detection and action against security compromises. A change of thought is required: security is a continuous effort, rather than a one-time mission during the system design.