Is your IoT network secure? Source: Shutterstock

Should IoT security be a top priority for you?

THE magic of the Internet of Things (IoT) for a business is that its network is able to tap into a whole ecosystem of smart devices, gathering data in real-time, gigabytes and petabytes of it, to generate insights and aid decision making.

However, this magical ecosystem is a nightmare for cybersecurity professionals. For them, every additional smart device is a gateway to myriad vulnerabilities and cyberattacks.

To secure these end-points, and thus, the corporate network, businesses need a new approach.

Priya Mahajan, Head of APAC Public Policy & Regulatory Counsel, Verizon, who is speaking on the subject at the ConnecTechAsia summit this week, told Tech Wire Asia that traditional IT security measures don’t work for IoT.

“The traditional IT security only offers a perimeter-based approach. This works for cyber-security issues, where a firewall mentality can protect corporate data. But because IoT is always changing, it requires more than conventional security,” said Mahajan.

The Mirai botnet attack of 2016, orchestrated as a distributed denial of service attack through 300,000 vulnerable IoT devices like webcams, routers, and video recorders, showed just how big of an impact the lack of IoT security can have.

A recent Gartner survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years.

To protect against those threats Gartner forecasts that worldwide spending on IoT security will reach US$1.5 billion in 2018, a 28 percent increase from 2017 spending of US$1.2 billion.

Ruggero Contu, Research Director at Gartner said:

“In IoT initiatives, organizations often don’t have control over the source and nature of the software and hardware being utilized by smart connected devices. We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing.

“In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity. These factors will be the main drivers of spending growth for the forecast period with spending on IoT security expected to reach $3.1 billion in 2021.”

Despite the steady year-over-year growth in worldwide spending, Gartner predicts that through 2020, the biggest inhibitor to growth for IoT security will come from a lack of prioritization and implementation of security best practices and tools in IoT initiative planning. This will hamper the potential spend on IoT security by 80 percent.

However, by 2021, Gartner predicts that regulatory compliance will become the prime influencer for IoT security uptake.

Industries having to comply with regulations and guidelines aimed at improving critical infrastructure protection (CIP) are being compelled to increase their focus on security as a result of IoT permeating the industrial world.

Based on her expertise, Mahajan believes that an IoT security strategy must address:

  • Many IoT connections from many locations.
  • Hijacking of physical devices.
  • The security of a variety of devices that come from many different manufacturers.
  • Device identification and management.