Internet of things (IoT) technology has innumerable merits that considerably enhance our productivity in both the business landscape, as well as in our day-to-day lives. But this efficiency comes at a price. IoT is a novel technology that is susceptible to more than 70,000 known CVEs (Common Vulnerabilities and Exposures). And despite this astounding figure, the new and emerging technology is still believed to have many more vulnerabilities that have not been yet been discovered by industry players. This makes India\u2019s rapid adoption of the technology a bit perilous from the cyber security perspective. With IoT technology manufacturers racing to bring their products to market, security features are unlikely to be a high priority. As such, this is one of the few areas of technology where regulation may benefit the end-users and the wider security ecosystem. According to cybersecurity player F-Secure, IoT or \u2018smart\u2019 devices are the latest market sensation. This means there is currently a rush to launch new internet-connected products in the market to claim maximum share. However, such devices are usually manufactured by companies with expertise in design and manufacturing, not security. \u201cMost OEMs use open-source technology, but they don\u2019t advertise that fact or provide upgrade paths to consumers. As a result, there may be inherent software vulnerabilities that have not and will never be addressed. What\u2019s worse is that there is no one checking to make sure the required patches are applied. A single vulnerable device can then be used as a vector of attack to gain access to the entire network,\u201d says Keith Martin, head of Asia-Pacific and Corporate Business, F-Secure. \u201cRemember, Hypponen\u2019s Law states: If it\u2019s smart, it\u2019s vulnerable.\u201d Naturally, there are opportunities for cyber security companies such as F-Secure to assist IoT device manufacturers in developing security strategies. F-Secure, for instance, has a cyber security assessment service for hardware and software companies wishing to test their products for vulnerabilities. It is also working with router manufacturers and internet service providers catering to domestic customers. Home routers are the entry points to the internet connectivity of people\u2019s homes. Though home routers may not be IoT devices as such, they are an essential component of connected homes; securing them, therefore, becomes critical. At the same time, F-Secure believes that endpoint protection for personal devices (such as Windows PCs, Macs, Android phones or tablets) is still important. Compromised IoT devices might be used \u201cas is\u201d for malicious activities such as botnet attacks, but they can also be used for infecting other personal devices on the home network. This could then lead to, for example, exfiltration of sensitive personal files or theft of login credentials. Hence, endpoint protection (for the platforms that support it) is still very relevant and needed. \u201cWe believe the best protection for connected homes can only be achieved through a three-layer protection strategy comprising endpoint protection (for supported devices and platforms), in-router security, and cloud-based security,\u201d he says. F-Secure sees three to four major factors which need to be addressed to make IoT devices more secured. One is the lack of financial consequences which encourage manufacturers to make their IoT products (or any online system, for that matter) secure. As long as IoT device manufacturers can get away with selling unsecured products and services without penalties, there is little hope for change. The other factor is the lack of regulation and compliance rules, and the enforcement thereof. IoT devices should be tested and marked according to a robust cyber security standard. The third factor is lack of secure software development expertise. As the need for cyber security expertise grows, IoT device makers find it more and more difficult to hire and retain the necessary talent. \u201cWe recommend and support investing in the education of cyber security experts to address this challenge,\u201d he summed up.