This video is fairly short compared to the decades of security research. So we aren’t able to cover everything, just the big picture. But here’s the most important thing to realize:
IoT will never be completely secure.
By definition, having something be electronic and networkable means it can be hacked. And if you’re in business long enough, your device will eventually have security flaws exposed. Now, it shouldn’t be happening often, and hopefully it isn’t something obvious, but there’s just too much code involved in an IoT device to be bug-free.
Recognizing that you will never be 100% secure is the second half of Sun Tzu’s quote about knowing the enemy and knowing yourself. And that will guide you in your IoT product design.
You should assume that your firmware will get decompiled, and that your service database will be downloaded. So, think about how you can minimize the impact of those events. Don’t store plain-text data that, once released, is devastating. Don’t write your own cryptographic methods that, once reverse-engineered, unravel your network’s authentication scheme. If you have to store data securely, rely on experts at services that do it well. They can be partners that let you focus on the customer experience.
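One way to act on "don't store plain-text data" and "don't write your own cryptographic methods", as an added example that is not part of the original page: a service database row that keeps only a salted PBKDF2 hash of a device secret, built from Python's standard library. The record layout, function names, iteration count and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Assumed cost setting for this example; raise it as server hardware allows.
ITERATIONS = 600_000
SALT_LEN = 16


def _derive(secret: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library, not a home-made scheme.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)


def make_record(device_id: str, secret: str, iterations: int = ITERATIONS) -> dict:
    """Build the database row for a device. The secret itself is never stored."""
    salt = os.urandom(SALT_LEN)  # unique per record, so equal secrets hash differently
    return {
        "device_id": device_id,
        "kdf": "pbkdf2-sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "digest": _derive(secret, salt, iterations).hex(),
    }


def verify(record: dict, candidate: str) -> bool:
    """Check a presented secret against the stored row in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["digest"])
    actual = _derive(candidate, salt, record["iterations"])
    return hmac.compare_digest(actual, expected)


def needs_upgrade(record: dict) -> bool:
    """True when a row was hashed with a weaker cost than the current setting."""
    return record["iterations"] < ITERATIONS


if __name__ == "__main__":
    # Constructed sample data: this row is all a database dump would contain.
    row = make_record("sensor-0001", "correct horse battery staple")
    print(json.dumps(row, indent=2))
    print("valid secret accepted:", verify(row, "correct horse battery staple"))
    print("wrong secret rejected:", not verify(row, "guess"))
```

Storing the iteration count in each row lets the cost be raised later: rows flagged by `needs_upgrade` can be re-hashed the next time the device presents its secret.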
And most importantly, care about your customer data. To you, a leaked database is a statistic; to them, it's a tragedy. Tell them that their security matters, be open about how you’re going to do it, and listen when experts try to warn you about security flaws.
Page last edited March 08, 2024