
Expert says thriving IoT security market “shouldn’t surprise anyone”

22 Mar 2018

The Internet of Things (IoT) may seem to have only just arrived, but IoT attacks are already a reality.

A recent CEB – now Gartner – survey found that almost one fifth of organisations experienced at least one IoT-based attack in the past three years. Because of this, Gartner has issued a very bright forecast for the IoT security market with worldwide spending to reach US$1.5 billion in 2018, a 28 percent increase from 2017’s figure of $1.2 billion.

"In IoT initiatives, organisations often don't have control over the source and nature of the software and hardware being utilised by smart connected devices," says Gartner research director Ruggero Contu.

"We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity.”

Combined, Gartner says these factors will be the main drivers of spending growth with the market expected to reach a whopping US$3.1 billion in 2021.

Huntsman Security head of product management Piers Wilson says this prediction shouldn’t surprise anyone as serious IoT vulnerabilities are being discovered all the time.

“It’s a result of products being rushed to market without proper consideration of security concerns. The explosive proliferation of devices means the attack surface is expanding rapidly, giving hackers more opportunities to attack and leaving defenders scrambling to deal with threats coming from all angles,” says Wilson.

“Companies are now stuck in a situation where, because it’s impossible to retrofit proper security measures onto a device that’s already out there, they’re relying on their security analysts to mitigate the threat.”

Wilson says in the face of these attacks IoT users are often struggling to keep up and find their security teams overwhelmed, eventually leading to mistakes and burnout.

Despite the steady year-over-year growth, Gartner predicts the biggest barrier to growth for IoT security will come from a lack of prioritisation and implementation of best practices and tools – which will hamper the potential spend on IoT security by a staggering 80 percent.

"Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed," explains Contu.

"However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider's alliances with partners or the core system that the devices are enhancing or replacing." 

Gartner found that while basic security patterns have been found in many vertical projects, they are still to be codified into policy or design templates to allow for consistent reuse. Because of this, technical standards for specific IoT security components are only just starting to be addressed.

This lack of ‘security by design’ is a result of the lack of specific and stringent regulations, but Gartner expects this trend to change, particularly in heavily regulated industries like healthcare and automotive.

By 2021, Gartner expects regulatory compliance to become the prime influencer for IoT security uptake.

"Interest is growing in improving automation in operational processes through the deployment of intelligent connected devices, such as sensors, robots and remote connectivity, often through cloud-based services," says Contu.

"This innovation, often described as Industrial Internet of Things (IIoT) or Industry 4.0, is already impacting security in industry sectors deploying operational technology (OT), such as energy, oil and gas, transportation, and manufacturing."

“The solution is relieving the pressure by automating the job of monitoring. An automated system can quickly establish a normal baseline of behaviour for any device so that when bad guys do try to exploit a vulnerability, it becomes immediately obvious,” says Wilson.

“The system can assess the threat and prioritise the most dangerous, allowing security analysts to handle the biggest problems rather than constantly running from pillar to post.”
