Securing the Internet of Things Will Always Come at a Price

In your home, in your car and in your office, connected devices and sensors are radically transforming the way human beings interact with data.

The rise of the Internet of Things (IoT) – loosely defined as any data-collecting or data-sharing device or tool that can be accessed by and monitored through the internet – is more than just a passing fad. In the near future, this technology will be as common as Wi-Fi or the cloud and, in fact, will rely a great deal on both of those now eminently common technologies.

But having all these devices hooked up to every household appliance, highway and office means a greater risk of security breaches, hacking incidents and general malfeasance that always accompany cutting-edge technology.

Gartner predicts security spending directly tied to IoT will exceed more than $3.1 billion by 2021, up from $1.5 billion in 2018. Trying to plan for and execute meaningful and comprehensive security protocols in the midst of this explosion of connected devices is not for the faint of heart.

At the end of 2017, security experts said there were approximately 8.4 million internet “connected things” in use worldwide. By 2020, that figure will rocket up to more than 20.4 billion devices.

Consumer devices, things like smart TVs, washing machines, security systems, etc., account for roughly 60 percent of all IoT devices today. But the mix is expected to even out over the next few years as business and commercial equipment is updated with internet-connected models.

Meanwhile, Gartner found that about 20 percent of organizations currently using IoT devices in the field were subject to at least one IoT-based attack in the past three years. Keep in mind, this is just the infancy of this technological metamorphosis.

No matter how sophisticated or diligent a company is about IoT security, there are always numerous vulnerabilities that cannot be accounted for internally. In many ways, until universal, standards-based security protocols and practices are established, companies will be on edge even if they’re enjoying many of the benefits this enhanced data provides.

“In IoT initiatives, organizations often don’t have control over the source and nature of the software and hardware being utilized by smart connected devices,” Ruggero Contu, a research director at Gartner, said in the report. “We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity.”

The biggest challenge facing companies of all sizes is figuring out how to define and implement these security best practices. In short, you can’t really know all that you’re going to need to know as the technology evolves.

“Most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed,” Contu added. “However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider’s alliances with partners or the core system that the devices are enhancing or replacing.”

By 2021, pundits predict regulatory compliance will drive IoT security projects. Forcing industries – whether it’s transportation, health care or banking – to comply with a minimal level of security regardless of their role or position on the data-collection loop, which should help sort out much of this uncertainty. But it’s going to take time.

In the meantime, consumers and business owners will continue to be beset by security breaches, hacking attacks and garden-variety mishaps that cost time and money and erode brand confidence and reputation.

A recent report from Radware, an Israel-based provider of load balancing and cybersecurity services for data centers, found that the average cost of a typical cyberattack now exceeds more than $1 million a pop.

The vast majority of companies surveyed found themselves the victim of one or more hacking or data breach incidents last year. Whether you’re Sony or Target, the bad actors are ramping up their game and using these increasingly common IoT devices and networks as the back door to private data and intellectual property.

Twenty-one percent of companies reported daily attacks in the past year. Some are minor inconveniences. Some are utterly debilitating. Radware said 78 percent of respondents hit by a cyberattack experienced service degradation or a complete outage. Perhaps more shocking, the report found that 34 percent of companies don’t have an emergency response plan in place.

“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100% of the time,” Anna Convery-Pelletier, chief marketing officer at Radware, said in the report. “A cyberattack resulting in service disruption or a breach can have devastating business impacts.

“In either case, you’re left with an erosion of trust between a brand and its constituency,” she added. Not a fair equation, for sure.

Patricia Ames is president and senior analyst for BPO Media, which publishes The Imaging Channel and Workflow magazines. As a market analyst and industry consultant, Ames has worked for prominent consulting firms including KPMG and has more than 15 years experience in the imaging industry covering technology and business sectors. Ames has lived and worked in the United States, Southeast Asia and Europe and enjoys being a part of a global industry and community.