It is indisputable that the Internet of Things (IoT) is the next Industrial Revolution, given the impact it will have on the way people, businesses and governments live and work.
Boston Consulting Group (BCG) predicts $267 billion USD will be spent on IoT technologies, products, and services within 3 years.
IoT, then, is the future. But it is also very much the present. As many as 8.3 billion connected things are in use this year, according to Gartner, up 30 percent from last year. The already sizeable proliferation of connected devices means we have to get security right now if we are not to face greater problems down the line.
The dangers of being connected
For all the opportunities inherent in IoT, it comes with its fair share of dangers. The growing number of connected devices opens up new opportunities for hackers, making it vital that IoT device manufacturers ensure they have built-in security functions to protect their customers.
The problem is that there are so many potentially vulnerable points, and so much potential negative impact. Holes in the security systems of IoT devices can put consumer data, corporate IP, and a firm’s entire IT infrastructure at risk.
There are various aspects to this. Manufacturers need to ensure devices – possibly pre-hacked – that come into the network cannot compromise it. We need to make sure an IoT device cannot be used as a trojan horse to get into other devices. We need to make sure someone can’t buy one of our devices and use it to hack others.
But it is not just about the devices. The device connects to the cloud, which opens up a whole new world of possibilities for hackers, so we need to focus on security there too. Data being transferred needs to be encrypted, though this is an area that has generally been sorted out.
Focus on security
Meanwhile, even after these secure devices have been rolled out to the market, they are going to need their firmware to be updated at some point in the future. This needs to be secure to ensure only the manufacturer can carry out updates, and so these mechanisms need to be built in from the start.
These issues need to be adequately addressed if the industry is to develop as predicted. According to research conducted by management consultancy firm Capgemini, 71 percent of executives say security concerns will influence purchase decisions on IoT products.
Of even more concern, only 33 percent of executives believe IoT products are highly secure from cyber security attacks. In spite of this, less than 50 percent of organizations provide privacy-related information regarding their IoT products, and only 48 percent of IoT companies focus on security from the start when designing their products.
This dangerous lack of emphasis was demonstrated late last year when a distributed denial-of-service (DDoS) attack against DYN’s DNS infrastructure saw a number of major sites taken offline, including Spotify and Twitter. This is something that could happen time and time again if we don’t get security right.
The industry is still at an early stage, and still getting to grips with challenges such as security. But with the IoT space expected to develop at a dazzling pace, now is the time to make sure we make the security of our devices – and therefore our clients – a central plank of the development of the sector.
