It’s no surprise that the Internet of Things (IoT) has realized a meteoric surge within the enterprise. Connected devices are gathering, en masse, within organizations, posing new security threats for Chief Information Security Officers (CISO).
This IoT wave is here to stay, and could slowly erode the security “shoreline,” if practitioners are not prepared. That’s because seizing control of these devices is now an active and menacing threat.
Distributed denial-of-service (DDoS) threats have remained a concern for IT administrators. But now, security teams must keep a hand on the pulse of botnets, phishing scams, IAM flaws and a variety of other means cyber-criminals can use to tap into IoT devices.
IoT Spending
Further, according to a new forecast from Juniper Research, as reported by MediaPost, IoT spending will reach $6 billion by 2023.
As such, North America is projected to lead the way, and within five years, 5% of the total cyber security spend will be dedicated to IoT.
Juniper Research also projects IoT security spending to rise 30% annually while connection growth extends by about 25%. Around that, business risk and regulatory minimum standards are key drivers in the spend.
See Related: 'The New Normal': Security Concerns Around IoT Inundation
On that point, research author Steffen Sorrell stated that “little has been done from a regulatory perspective to protect consumers.” Perhaps a noticeable rise in spending and productivity will alleviate that concern over the timespan.
Insight
John Chambers, President, JCC Executive Partners LLC, told the Cyber Security Hub: “Interconnectedness is a way of life now, required to operate our businesses. Virtually every one of our suppliers in industry is not simply a partner in our supply chain but, moreover, a component in our cyber chain, embedded into innumerable business processes.”
Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network, previously told the Cyber Security Hub that the emergence of IoT really dates back decades, when a “variegated landscape” emerged in the technology space due to some tectonic shifts.
As such (and as seen with other proliferating technologies over the years), the speed of acceptance of IoT devices could be jeopardizing the privacy of consumers and businesses. Wynn called for the usage of IoT devices within the boundaries of regulatory best practices.
With trillions of dollars on the line in the coming years, it’s clear that IoT will demand global standards. This is especially true as it assimilates more and more into the medical field, as well as industry. IoT devices could augment patient care (e.g., pacemakers) and may appear in routine industrial processes. Some of our next-gen technology will depend on this emerging connectivity.
It’s also clear that IoT “patrolling” will depend on both traditional and revamped security protocols. Chambers said that third-party risk management will be a large component of IoT security and “should be extended to vetting the cyber resilience of the supplier’s product or service offering.”
Administrators must also be aware of the firmware and code in place on the connection points. This will depend on vulnerability management/routine patching. If not, Chambers said, “seemingly innocuous” connections (e.g., security cameras, kiosks and badge readers) can be harmful.
Moving forward, IoT will no doubt hinge upon a regulatory framework. Whether that’s an omnibus piece of legislation or patchwork (similar to the current U.S. structure in data privacy), governance, risk management and compliance (GRC) will be a key indicator in the survival of the network.
Long term, Chambers also believes the model will shift toward business opportunity in behavioral analytics (data collection, distribution and sales analysis).
Regardless of the adoption rate or GRC structure behind it, IoT is a driver of cyber security spend and will continue to be a factor for enterprise security professionals. At the end of the day, however, its maintenance and guidance will largely still depend on human intuition (think deployment, enforcement, etc.).
Be Sure To Check Out: IoT Devices At Forefront Of Cyber Security Efforts