The FBI recently issued a Public Service Announcement saying that as more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors.
The announcement points out the following Internet of Things devices:
- Automated devices which remotely or automatically adjust lighting or HVAC.
- Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and daycare settings.
- Medical devices, such as wireless heart monitors or insulin dispensers
- Wearables, such as fitness devices.
- Lighting modules which activate or deactivate lights.
- Smart appliances, such as smart refrigerators and TVs.
- Office equipment, such as printers.
- Entertainment devices to control music or television from a mobile device.
- Fuel monitoring systems.
The FBI says deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.
It looks like an IoT crime wave is driving a burgeoning IoT security market.
IoT security market
In a McKinsey & Company report ‘Unlocking the potential of the Internet of Things‘, their bottom-up analysis for the applications they size estimates that the IoT has a total potential economic impact of $3.9 trillion to $11.1 trillion a year by 2025. At the top end, that level of value would be equivalent to about 11 percent of the world economy. The report states “with policy actions to encourage interoperability, ensure security, and protect privacy and property rights, the Internet of Things can begin to reach its full potential.”
The Internet of Things (IoT) Security Market is expected to grow from $6.89 billion in 2015 to $28.90 billion by 2020, according to a new market research report published by Markets and Markets.
”Computerworld’s Forecast Study 2015” predicts spending on security technologies will increase by 46 percent, ahead of all other IT categories, and that IoT will be the top new area of spending in 2015.
Gartner states “The Internet of Things (IoT) is a key enabling technology for digital businesses. Approximately 3.9 billion connected things were in use in 2014 and this figure is expected to rise to 25 billion by 2020. And while deployment is growing, there are factors slowing down the rate of adoption. Security and privacy are among the top key concerns among enterprises. Existing ideas and approaches to identity management will not be entirely effective for the IoT. IAM and other security leaders must rethink and rearchitect to be successful.”
[ ALSO ON CSO: Experts to IoT makers: Bake in security ]
“IoT will increasingly have sensing, analytics and visualization tools that may be accessed on a personal, community or national level. Information sharing and ease of accessibility via the IoT makes businesses vulnerable to targeted cyber attacks, so the huge benefits must be weighed against the growing risks” states EY in its “2015 Cybersecurity and the Internet of Things Report”.
According to an HP study, 70 percent of the most commonly used IoT devices contain vulnerabilities.
“By its very design, the Internet of Things is built with lightweight security,” explains Terrence Gareau, chief scientist, Nexusguard. “These devices rely heavily on shared libraries and a rapid development cycle. Because of their constraints, many IoT devices have limited options for firmware upgrades and other risk management features. The fact that they are also “always-online” makes them highly susceptible to intrusion and attacks.”
$1-Per-IoT Device for Security?
To line up IoT cyber crime and spending, let’s consider two key forecasts:
IoT spending is projected at nearly $29 billion by 2020 and there will be approximately 25 billion IoT devices by 2020.
That’s close enough to do your own napkin scratch forecasting around $1 per IoT device for security. You can move the dollar figure per device up or down - but no matter how you look at it, spending on IoT security is going to be huge.