Welcome to the the darkside of IoT
Even though they differ greatly, what analyst and vendor projections all agree on is that the number of connected internet of things devices will essentially go through the roof over the next couple of years. Estimates range anywhere from 20 to 50 billion connected IoT devices by 2020 - with Gartner, for example, projecting 20 billion devices as more a 'conservative' estimate, if there ever is a conservative view in light of these stunning figures.
Author: Marc Wilczek, T-Systems
But no matter how many billions of devices it will finally be, one thing is for sure - it’s going to be huge! While this sounds encouraging and almost too good to be true, there are downsides, namely security flaws and the unprecedented threat of cybercrime. Nobody wants to be the party pooper and demonise the technological advance toward a bright and shiny digital universe, but it would be fairly naive to bluntly ignore the facts.
Let’s face reality: As much as the IoT universe grows, so does the security challenge
Over the last few months, the cybersecurity industry has been observing some quite interesting trends such as an uptick in Distributed Denial-of-Service (DDoS) attacks with unparalleled data traffic. Cybercrime has become a vast ecosystem that keeps soaring. Experts predict that data breaches could cause damages of up to $2.1tn globally by 2019, which is essentially right around the corner. According to Juniper, the average cost of a data breach in 2020 will exceed $150m as more business infrastructure gets connected.
In a recent study, nearly 52% of the participating consumers believed that IoT products do not have the necessary security in place. And far worse, 85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented. A shocking 90% of developers surveyed didn’t believe that IoT devices on the market currently have the necessary security in place.
How come?
One of the driving forces for this drastic increase of devices is simply price. With cheap internet pretty much accessible around the globe and wearables becoming a commodity, the price spiral is heading south and the market is simply flooded with low-cost hardware. This enormous price sensitivity, however, almost inevitably precludes to inherently embed comprehensive security features, as this is nothing else but a mutually exclusive trade-off.
On average, IoT devices are inexpensive. With 50% of all connected devices targeting the consumer space, manufacturers are caught between the devil and the deep blue sea. As a consequence, those targeting the mass market have little financial margin to invest into the security challenge as it’s simply a costly undertaking.
For the bad guys on the other hand, it’s literally the land of milk and honey with vulnerable devices accessible in abundance. In other words: The hunting ground for the predators is full of possible prey and fence season is long gone.
DDoS attacks are just an example, but once these devices are filled with user data, the issue will be taken to a whole new dimension. Unfortunately, the circumstances aren’t getting any better as more IoT devices will continue to go online every single day.
The security challenge: How to get out of here?
While the above might sound rather scary, it’s far from being hopeless, though it does require action now. Ultimately, there are two sides of the same coin, the first being technology and the second being the human factor.
Overall, the cybersecurity industry is progressing with its R&D efforts in order to come up with solutions that will alleviate various security challenge pain points. If everyone involved is committed to fixing the problem, then developing new technologies with built-in security features will become the norm and the result will be a much safer IoT. With the emergence of software-defined technology, tight security protocols and encryption can be implemented at the fraction of the cost of hardware components.
Vendors should consider de-commoditising and coming up with a more differentiated product offering that, for example, includes security features. It’s obvious that these features come with a price tag. However, only when vendors translate these features into tangible benefits will consumers be prepared to pay a higher premium.
At the same time, it’s an important task for society to drastically increase its awareness of how to deal with data and teach at least basic principles of how consumers can protect themselves and mitigate cyberthreats. Consumers need to understand the implications of their actions and should think twice about what kind of data to store on which IoT device.
Finally, governments must take appropriate action and shift their attention toward the rising threat of cybercrime in the 21st century by strengthening their cyberdefense activities and making it a strategic component of their security policies. Policymakers love talking about it, but the time has come to walk the walk. As a wise man once said, “Let’s not close the barn door after the horse has bolted.”