In March 2018, Senator Mark Warner, D-Va., told CNBC the US government needs to worry about Internet of Things (IoT) security. The Vice Chair of the Senate Intelligence Committee—who knows a lot about cybersecurity thanks to his work investigating Russian hacking concerns related to the 2016 US election—has become very concerned about the state of IoT security trends.
“Any IoT device that we purchase with public dollars has to be patchable, can’t have an embedded password, ought to have some ability of known vulnerabilities so that at least we guarantee that the billions of devices the government will buy over the next few years don’t come fraught with peril,” Warner said. He’s absolutely right to be concerned about IoT security. IoT is growing fast, and security has not kept up.
The upside to the widespread security gaps is that they’re driving awareness in the market about the need to improve. Increased awareness is seeding IoT security trends, which are leading to more innovative solutions.
Watch out for security vulnerabilities
Gartner estimates that “worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion.”1 The McKinsey Global Institute predicts IoT could have an annual economic impact of $3.9 trillion to $11.1 trillion worldwide by 2025. Those are big numbers—and, perhaps, overly optimistic. Weak security could become a major hurdle preventing the market from reaching its full potential.
In its 2018 list of IoT predictions, Forrester said, “Security vulnerabilities are a significant worry for firms deploying IoT solutions—in fact, it’s the top concern of organizations looking at deploying IoT solutions. However, most firms don’t consistently mitigate IoT-specific security threats, and business pressures overwhelm technology security concerns.”
More connected devices create more entry points for hackers, which translates into an exponential increase in new security threats. Not only is the attack surface bigger, but there are dozens more vulnerabilities, including insufficient authentication and authorization, unsecured network services, lack of transport encryption, unsecured cloud and mobile interfaces, and poor physical security. These weak points make it possible for all manner of threats to slip in. For example, in 2016, the Mirai botnet infected hundreds of thousands of IoT devices, including printers, routers, and internet-connected cameras, which were then used to launch a DDoS attack. Spam, APTs, ransomware, and data theft are also concerns.
It’s not just the devices or even a business’s network at risk—weak IoT security is also a compliance problem. According to a Gartner Market Insight report, “By 2020, more than 50 percent of IoT projects will expose sensitive information due to failures to leverage hardware security features, up from less than 5 percent today.”2 Companies in the financial and healthcare space have a legal responsibility to protect their users’ data and can be penalized if they fail to.
Turn these threats into opportunities
The reality is most IT security teams don’t have the specialized knowledge needed to support IoT devices. Take the state of printers as an example. Gartner, in their “Market Insight: IoT Security Gaps Highlight Emerging Print Market Opportunities” report, notes that: “Although print security solutions are adapting to evolving regulatory requirements, the print industry generally lacks security standards, challenging the interoperability of print technology with broader security solution ecosystems.”2 If security is lagging on printers, just imagine the state for newer technologies, considering the fact that printers were some of the first internet-connected devices in office environments.
Thanks to highly publicized incidents, like Mirai, awareness about gaps in IoT security is on the rise. This has led to a wave of IoT security trends in response to these gaps, as well as evolving IT regulations, which are significantly impacting the print security market. A key driver of this growth is increasing regulatory compliance, and entrepreneurs are embracing the business opportunities existing in helping companies keep up with IoT security trends and IT regulations.
Returning to the printer example, some forward-thinking companies are starting to produce smart, modern printers that are secure by design. These devices continuously monitor themselves, detecting and stopping attacks before they start and self-healing when necessary. This type of built-in device security can be an excellent model for securing other IoT devices.
The possibilities for IoT to transform all aspects of business—from how products are made to how companies are run—are staggering. IoT security doesn’t just represent an opportunity for companies that make or deploy IoT technology; it represents an opportunity for everyone who wants to be on the cutting edge of today’s increasingly connected world.
- Gartner Press Release, “Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018,” March 21, 2018. https://www.gartner.com/newsroom/id/3869181.
- Gartner, “Market Insight: IoT Security Gaps Highlight Emerging Print Market Opportunities,” Kristin Merry Von Manowski, Deborah Kish, October 31, 2017.