Expert says thriving IoT security market “shouldn’t surprise anyone”

22 Mar 18

The Internet of Things (IoT) may seem to have only just arrived, but IoT attacks are already a reality.

A recent CEB – now Gartner – survey found that almost one fifth of organisations experienced at least one IoT-based attack in the past three years. Because of this, Gartner has issued a very bright forecast for the IoT security market, with worldwide spending to reach US$1.5 billion in 2018, a 28 percent increase from 2017’s figure of US$1.2 billion.

"In IoT initiatives, organisations often don't have control over the source and nature of the software and hardware being utilised by smart connected devices," says Gartner research director Ruggero Contu.

"We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity."

Combined, Gartner says these factors will be the main drivers of spending growth with the market expected to reach a whopping US$3.1 billion in 2021.

Huntsman Security head of product management Piers Wilson says this prediction shouldn’t surprise anyone as serious IoT vulnerabilities are being discovered all the time.

“It’s a result of products being rushed to market without proper consideration of security concerns. The explosive proliferation of devices means the attack surface is expanding rapidly, giving hackers more opportunities to attack and leaving defenders scrambling to deal with threats coming from all angles,” says Wilson.

“Companies are now stuck in a situation where, because it’s impossible to retrofit proper security measures onto a device that’s already out there, they’re relying on their security analysts to mitigate the threat.”

Wilson says in the face of these attacks IoT users are often struggling to keep up and find their security teams overwhelmed, eventually leading to mistakes and burnout.

Despite the steady year-over-year growth, Gartner predicts the biggest barrier to growth for IoT security will come from a lack of prioritisation and implementation of best practices and tools – which will hamper the potential spend on IoT security by a staggering 80 percent.

"Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed," explains Contu.

"However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider's alliances with partners or the core system that the devices are enhancing or replacing." 

Gartner found that while basic security patterns have been found in many vertical projects, they have yet to be codified into policy or design templates to allow for consistent reuse. Because of this, technical standards for specific IoT security components are only now starting to be addressed.

This lack of ‘security by design’ is a result of the lack of specific and stringent regulations, but Gartner expects this trend to change, particularly in heavily regulated industries like healthcare and automotive.

By 2021, Gartner expects regulatory compliance to become the prime influencer for IoT security uptake.

"Interest is growing in improving automation in operational processes through the deployment of intelligent connected devices, such as sensors, robots and remote connectivity, often through cloud-based services," says Contu.

"This innovation, often described as Industrial Internet of Things (IIoT) or Industry 4.0, is already impacting security in industry sectors deploying operational technology (OT), such as energy, oil and gas, transportation, and manufacturing."

“The solution is relieving the pressure by automating the job of monitoring. An automated system can quickly establish a normal baseline of behaviour for any device so that when bad guys do try to exploit a vulnerability, it becomes immediately obvious,” says Wilson.

“The system can assess the threat and prioritise the most dangerous, allowing security analysts to handle the biggest problems rather than constantly running from pillar to post.”
