The proliferation of IoT devices will lead to more data breaches
The proliferation of Internet of Things devices and technology provides new and transformative opportunities for business and industry alike, connecting everyday objects in order to collect and analyse data.
At the end of 2017, Gartner predicts that 8.4 billion connected devices will be in use worldwide. That number is up 31 percent from 2016 and is predicted to reach 20.4 billion by 2020. But as with any type of rising technology, its growth and development comes with challenges.
As the number of connected devices continues to increase, so too will the volume and variety of vulnerabilities that they are laced with, not to mention the potential impact these could have if exploited.
Here are some security-related IoT trends we can expect.
The changing face of vulnerabilities
Recent vulnerabilities have been discovered that are bigger and more impactful than ever before, i.e. attacks on controller area networks (CAN Bus) systems, which are found in all modern cars and can interrupt vehicle safety functions. Rather than being based on specific products or specific vendors, these vulnerabilities are something bigger, and more wide-ranging.
Some products that have been around for years are now facing the discovery of lurking vulnerabilities, which is causing us to question trust in established products as well as new ones.
Acceleration of consolidation
The number of IoT products and platforms is huge and growing, as well as the number of security bodies, initiatives and standards that are coming out. It is inevitable that we’ll begin to see consolidation and standardization, particularly around IoT platforms, with over 300 to 400 different platform products available now. As the market matures, the shake-out will begin.
Safety and security as one
As we look at the IoT, especially at operational technology (OT) type environments and manufacturing plants, where there are industrial systems that are all connected, we’re starting to see how the operational world and the traditional IT world will come together. We will see continued merging of traditional safety (e.g. safety of employees) and IT security. And the more connected devices we see, the more prevalent this integration will become.
Focus on consumers
We will continue to see product manufacturers, particularly on the consumer side, delivering either no security or very poorly implemented security. Consumer awareness of security issues around the IoT will start to increase, but probably not enough to impact their buying behavior. Consumers are driven by cool features and low cost, and security isn’t going to stop most of them from buying those products just yet – but the same people that enjoy turning lights on or ordering pizza from their couch might start thinking a little more about the privacy of the other things they say around their smart home devices.
On the other hand, product manufacturers that chose to invest more in security (either consumer or enterprise), will learn that it’s harder than they think. Encryption is easy – there’s plenty of open source code out there, as well as guidance on good algorithms and key lengths to choose – but doing it well (protecting the key, separating it from the data it protects, and managing it throughout its lifecycle) is another story.
Expertise in this area is in short supply and great demand. We will continue to see even the well-intentioned people who are trying to build in security stumble, leaving vulnerabilities that can lead to unfortunate consequences.
The exciting tools in IoT right now are the analytics tools that try to make sense of all the data, and the visualization tools that try to bring that analysis to life. Vendors of these solutions are seeing their prospects and customers ask harder questions about data protection. After all, if the data can’t be trusted, any effort and resources expended on collecting it, managing it, and analyzing it is wasted.
Expect the pendulum to swing to put more focus on device identification and authentication, and data protection from the point of collection all the way through intermediate and final points of collection.
Along with all the challenges in the IoT comes great potential. Those that can harness it and use it as a competitive advantage stand to position themselves for big wins. And those that see that security can truly be an enabler might just be the ones to start to separate themselves from the pack.