Internet-connected devices are reshaping people’s lives, yet they remain among the most highly vulnerable of consumer products, emphasized a global expert on cybersecurity testing and certification on Tuesday, underscoring the critical need for protective measures to be enacted on all such devices worldwide.
In an interview with The Readable, Jerome Hamel, the head of Cybersecurity Technical Governance at Bureau Veritas Consumer Products Services (CPS), emphasized the importance of protecting consumer internet of things (IoT) products. He noted that these products not only endanger the personal data of users but also serve as intermediaries enabling attackers to target critical assets.
Hamel remarked, “Consumer IoT is the weakest link in cybersecurity. While there are often robust security measures in the cloud and on the network itself, the devices connected to the network are very often inadequately protected.”
The interview took place at the office of ICTK, a South Korean firm specializing in security design, during Hamel’s visit to South Korea for his speech at the “IoT Cybersecurity Seminar.” The event was hosted by Bureau Veritas ICTK, a global chip testing laboratory formed in 2017 through a collaboration between two companies: Bureau Veritas and ICTK.
Despite its importance, Hamel explained that the current level of security measures is insufficient, citing one of the reasons as the lack of security considerations during the product design phase. “The individuals who build these devices are not cybersecurity specialists; they specialize in the specific features offered by the IoT device,” noted the expert. “Connectivity is often added merely to enhance service offerings.”
According to Statista, a global firm specializing in data and market analysis, the consumer IoT market is projected to achieve $328.9 billion in global revenue by 2028, marking a more than 50% increase from 2024. International communities are adopting regulatory frameworks to ensure the introduction of secure IoT devices into the market. Specifically, the European Union has updated its regulations, making cybersecurity compliance in the CE marking—a mandatory label for all products sold in the EU market—mandatory starting from August 2025.
Hamel emphasized that while regulations on IoT devices are currently fragmented globally, they will become mandatory in every country because the threat is not specific to any one nation. The expert outlined several crucial standards that should be implemented, including setting secure passwords, requiring manufacturers to patch IoT devices regularly, and disabling unused features before bringing the product to market.
Hamel further emphasized the necessity of establishing a global standard for internet-connected devices, which could reduce costs and enable even small and medium-sized companies to comply with regulations. “It is crucial, especially for cost reduction. Currently, even when discussing similar technical requirements in IoT consumer devices, the certification schemes vary widely,” stated Hamel. “Having a unified testing framework could cover multiple regulations.”
