sb-eu logo
Story image

Expert says thriving IoT security market “shouldn’t surprise anyone”

22 Mar 2018

It doesn’t matter that it seems to only have just arrived, Internet of Things (IoT) attacks are already a reality.

A recent CEB – now Gartner – survey found that almost one fifth of organisations experienced at least one IoT-based attack in the past three years. Because of this, Gartner has issued a very bright forecast for the IoT security market with worldwide spending to reach US$1.5 billion in 2018, a 28 percent increase from 2017’s figure of $1.2 billion.

"In IoT initiatives, organisations often don't have control over the source and nature of the software and hardware being utilised by smart connected devices," says Gartner research director Ruggero Contu.

"We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity.”

Combined, Gartner says these factors will be the main drivers of spending growth with the market expected to reach a whopping US$3.1 billion in 2021.

Huntsman Security head of product management Piers Wilson says this prediction shouldn’t surprise anyone as serious IoT vulnerabilities are being discovered all the time.

“It’s a result of products being rushed to market without proper consideration of security concerns. The explosive proliferation of devices means the attack surface is expanding rapidly, giving hackers more opportunities to attack and leaving defenders scrambling to deal with threats coming from all angles,” says Wilson.

“Companies are now stuck in a situation where, because it’s impossible to retrofit proper security measures onto a device that’s already out there, they’re relying on their security analysts to mitigate the threat.”

Wilson says in the face of these attacks IoT users are often struggling to keep up and find their security teams overwhelmed, eventually leading to mistakes and burnout.

Despite the steady year-over-year growth, Gartner predicts the biggest barrier to growth for IoT security will come from a lack of prioritisation and implementation of best practices and tools – which will hamper the potential spend on IoT security by a staggering 80 percent.

"Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed," explains Contu.

"However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider's alliances with partners or the core system that the devices are enhancing or replacing." 

Gartner found that while basic security patterns have been found in many vertical projects, they are still to be codified into policy or design templates to allow for consistent reuse. Because of this, technical standards for specific IoT security components are only now just starting be addressed.

This lack of ‘security by design’ is a result of the lack of specific and stringent regulations, but Gartner expects this trend to change, particularly in heavily regulated industries like healthcare and automotive.

By 2021, Gartner expects regulatory compliance to become the prime influencer for IoT security uptake.

"Interest is growing in improving automation in operational processes through the deployment of intelligent connected devices, such as sensors, robots and remote connectivity, often through cloud-based services," says Contu.

"This innovation, often described as Industrial Internet of Things (IIoT) or Industry 4.0, is already impacting security in industry sectors deploying operational technology (OT), such as energy, oil and gas, transportation, and manufacturing."

“The solution is relieving the pressure by automating the job of monitoring. An automated system can quickly establish a normal baseline of behaviour for any device so that when bad guys do try to exploit a vulnerability, it becomes immediately obvious,” says Wilson.

“The system can assess the threat and prioritise the most dangerous, allowing security analysts to handle the biggest problems rather than constantly running from pillar to post.”

Story image
Research: 61% of companies have suffered an insider attack in last 12 months
It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.More
Story image
Proofpoint enhances security awareness training platform
Available in Q4 2020, the platform will integrate more closely with Proofpoint’s best-in-class threat intelligence.More
Story image
Radware issues security alert, warning of global rise of DDoS-for-hire
Efforts from corporations, law enforcement and independent researchers around the world have attempted in the last two years to curb this growth – but the industry keeps growing says Radware information security researcher Daniel Smith.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More