The Rise of IoT: Why Security Must Be Built In from Day One
Today’s consumer devices—from kettles to smart TVs—are increasingly connected, turning everyday objects into internet‑enabled “things.” Even medical equipment such as pacemakers and insulin pumps often relies on local networks. According to Art Dahnert, managing consultant at Synopsys, Inc., this trend has been accelerating for years and shows no sign of slowing.
The upside of connectivity comes with a darker side: a growing number of IoT devices are being compromised. High‑profile incidents include security cameras hijacked into botnets, smart TVs used for surveillance, and fitness trackers exploited to uncover classified sites. These attacks typically occur because the underlying software was not designed with security as a priority.
Vulnerable Vehicles
Modern cars illustrate the problem vividly. A single vehicle today may contain over 100 micro‑processors and millions of lines of code, all supporting features such as adaptive cruise control, lane‑keeping assist, autonomous parking, and emergency braking. The rush to market and complex codebases often lead to security being an afterthought. In 2016, a Houston gang stole more than 30 Jeeps by exploiting software vulnerabilities to bypass vehicle security controls.

These incidents underscore that an insecure vehicle is a lucrative target for attackers, not only for physical theft but also for data exfiltration and sabotage.
What Can Be Done?
Securing IoT starts with a cultural shift: companies must treat security as a foundational element rather than an afterthought. Key steps include:
- Secure‑by‑Design Training: Equip development teams with best‑practice guidelines for writing secure code and architecting systems that isolate sensitive data.
- Secure Architecture: Adopt designs that avoid transmitting passwords or tokens in clear text and enforce least‑privilege communication between components.
- Integrated SDLC: Embed security checkpoints throughout the software development life cycle, including static code analysis at every build and mandatory penetration testing before production release.
- Continuous Monitoring: Deploy firmware updates and patch management processes to address newly discovered vulnerabilities promptly.
Security is a journey, not a destination. With the proliferation of IoT devices—from smart kettles to autonomous vehicles—every connected “thing” must be designed with resilience in mind to protect users, data, and infrastructure.
The author of this blog is Art Dahnert, managing consultant at Synopsys, Inc.
About the author:
Art Dahnert is an Information Security consultant with over 19 years of IT experience, including more than 9 years in application penetration testing. He has completed hundreds of security risk assessments, penetration tests, and vulnerability assessments across web, desktop, and mobile platforms. Dahnert’s expertise spans small web applications to large enterprise banking systems and U.S. military‑specific deployments.