While work from home has generated a whole new level of security threats, the Internet of Things (IoT) promises to up the ante even further.
Think about the havoc caused by hundreds of millions of people suddenly working from home. This severely weakened and, in some cases, overwhelmed corporate security defenses. IoT could magnify such challenges.
IoT may not be top of mind right now due to the scourge of ransomware. But it will no doubt rise again as the number of connected things grows exponentially.
5 Trends In IoT Security
1. Another Major Expansion Of The Organizational Perimeter
The IoT magnifies the threat level by several orders of magnitude. We are talking here about tens of billions of connected devices.
IDC estimates that 41.6 billion connected IoT devices or things will be generating 79.4 ZB of data by 2025. Every one of them opens a door to the enterprise.
Vendors have already come out with some IoT security-related tools. But the market remains largely in its infancy. Once the threat becomes more real, vendor offerings will multiply and grow in sophistication. For organizations, this all adds up to them having to secure an ever-widening net.
2. IoT Will Generate A LOT More Data
With the growth of connected IoT devices will come another major rise in data.
There is a debate ongoing as to where that data will reside. Some say almost all will stay at the edge. Others want a lot more of it sent to major data centers. Regardless, data must be secured. Even if it is only information concerning the location of a car for a few moments, anyone being lax on access to that data will catch serious privacy heat.
Whether data is at the edge, in the data center, or in the cloud, all of it will have to be fully secured.
“We see a rise in edge computing devices that will reduce computer power in the IoT devices, but these will need to be managed and secured,” said Ashley Leonard, president and CEO of Syxsense.
He made the point that the impact of IoT will be further magnified once 5G really gains traction.
“5G and IoT will revolutionize the way we work and communicate but most importantly, the way we access information,” Leonard said. “Current IT security models that focus on perimeter security will not be effective when corporate data is exposed by 5G devices connected directly to the internet. Who can see and who owns your data?”
3. Automation Will Become An Even Larger Element Within Security
Automation is already a major trend within security. It is used to trawl through mountains of logs, for instance, to isolate patterns and anomalies.
Machine learning (ML) is also becoming a growing part of security in areas such as risk management, threat intelligence, and security information and event management (SIEM).
But with the IoT, we can expect even more automation. When you are dealing in orders of magnitudes in the tens of billions, there is no way a security admin can be expected to manually cope. Automated security, therefore, will become an increasingly vital part of the security arsenal.
4. The Lines Of Attack Become Wilder
The IoT offers so many new lines of attack, many of which are hardly even being conceived off right now.
Hackers, for example, can take over control of vehicles remotely. Greg Schulz, an analyst with StorageIO Group, adds planes, trains, and transit systems to the list of possible targets. And then you have drones, Alexa or Google devices, smart phones, computers, garage door openers, home heating, ventilation, and air conditioning (HVAC), other building control systems, elevators, factory systems, warehouses, and robots.
“Most companies have no idea what IoT systems are even connected to their corporate networks,” Leonard said. “This has huge security implications. A casino has already been hacked through an IoT thermometer in a fish tank.”
5. The Need For Standards
Standards are vital in IT. Imagine what would happen if a dozen vendors and another few dozen startups set up their own disparate protocols and systems for managing the IoT. It would become a chaos of competing systems.
And security would become a nightmare due to lack of integration. In fact, the lack of standards could be used as an excuse for failing to secure IoT systems and data.
“Many IoT device vendors each have their own methods for updating security, but there are no standards,” Leonard said.
He gave the example of homeowners. When did they last update their door-lock system, security cameras, or AC? In this brave new world of the IoT, think what those systems might be connected to? In many cases, they are connected to phones that contain the passwords to consumer and corporate systems. That provides an entry point of magnitude into the enterprise.
But if the IoT really takes hold, sensors and devices will be everywhere — in every car, in every device, on the factory floor. Standards are vitally needed to simplify the securing of all if it.