By 2020, there will be a whopping 20 billion IoT devices, according to Gartner.
IoT devices are physical objects equipped with embedded sensors that connect to an IT network and can communicate with other devices and software applications such as mobile apps, desktop PCs, printers, and other office or household devices.
In this way, for example, the surveillance cameras, air conditioners, coffee machines and office equipment in a household can monitor themselves and the environment, communicate and control their own actions thanks to their sensors and actuators. This can be extremely practical – or quite risky.
If IoT devices are not secured, cybercriminals can easily hack surveillance cameras, intercept network communications or access confidential documents stored on computers or printed through printers.
Such IoT attacks cost companies many millions of euros and quite often force them to go out of business. According to Symantec, the number of IoT attacks increased by 600 percent between 2016 and 2017.
Small businesses looking to leverage the Internet of Things must imperatively prioritize IoT security and endpoint protection. Failure to deploy IoT security technologies in the implementation phase increases vulnerability to cyber risks such as DDoS attacks that can bring down the entire enterprise.
This article focuses on the key features of IoT security technologies, current trends in the market and the speed at which new technologies are becoming mainstream.
IoT security technologies against cyber threats
IoT security technologies are software solutions that protect IoT devices. The Cradlepoint Business Intelligence Report "State of IoT 2018" found:
41% of companies were concerned about IoT security issues. Another survey found that 37% of companies are unsure if they can properly secure IoT data. And in a survey, 86 percent of IT security managers* said their companies need to be more aware of IoT threats.
One example is the Mirai botnet attack with thousands of infected IoT devices, including surveillance cameras and routers. Several companies were hit with massive distributed denial of service (DDoS) attacks, and all clearly felt the damage that can be caused by unsecured IoT devices.
But forgoing useful technologies like the Internet of Things, which after all promises to add millions of dollars to the global economy, would severely dampen business growth. The best course of action in this situation, then, is to implement stringent IoT security measures for all networked devices and ensure that threats are identified and addressed as quickly as possible.
Gartner analysts Saniye Burcu Alaybeyi, Ruggero Contu and Barika L Pace say: (1)
"IoT security is part of digital security and involves software, hardware, network and data protection for digital initiatives involving the Internet of Things. IoT security shares many technologies and processes with IT, operational technology and physical security. IoT security measures provide confidence and create secure, reliable, private and resilient digital systems for digital enterprises."
IoT security technologies encompass a variety of areas such as "digital trust, tamper-resistant device hardening techniques for hardware and firmware, secure cloud integration, device detection, event detection and response systems, and improved guidance and system integration."
These technologies automatically detect new IoT devices on the network and verify their authenticity via passwords or biometrics. It also secures any communication between a device and the network. In the next section, we cover the key features and benefits of IoT security technologies and answer how quickly you should ideally adopt them.
6 essential functions of IoT security technologies
IoT security solutions provide multiple capabilities, such as authentication, device discovery, vulnerability scanning, risk assessment and trusted communication between devices.
Software vendors are adding more and more features to their IoT solutions. The following functions of security technologies are essential:
- Device recognition: IoT devices can be any physical device with sensors or actuators connected to an IT network, whether watches, shoes or pacemakers. This makes detecting IoT devices a challenge. Your IoT security solution should be able to identify specific IoT devices on the network by monitoring incoming and outgoing network traffic and maintaining a database of devices.
- Data encryption: data encryption is considered the core of the IoT security ecosystem. It ensures that sensitive data exchanged between networked devices is difficult to decrypt, even if it is hacked. Cryptographic algorithms and data encryption keys are used to secure communications between IoT devices.
- Authentication: users must authenticate IoT devices before they can access them. Common authentication methods include passwords, biometrics, two-factor authentication and digital certificates. Access logs also make changes and updates to IoT devices traceable.
- Brute force protection: this feature detects and prevents brute force attacks or remote hacking by limiting the number of possible connection attempts for IoT devices. Authentication methods such as passwords, antivirus solutions and endpoint protection tools have a protective effect. Once brute-force attacks are detected and blocked, the software blacklists the malicious IP addresses.
- Security analytics: IoT security software uses security-related data from IoT devices to detect anomalies and predict future threats. Security analytics help users collect, monitor, and report on IoT device data. Technologies such as artificial intelligence (AI) and algorithms extend these capabilities.
- API security: insecure APIs connected via the IoT are a common data security vulnerability. API security is created by a secure end-to-end API management solution with authentication and authorization capabilities. The storage and transmission of sensitive information also needs to be protected with digital certificates.
The amount of vulnerable entry points and network traffic increases with the number of IoT devices. This makes it all the more important to also protect network security with firewalls, antivirus solutions, intrusion detection technology and security information and event management (SIEM) solutions.
Early threat detection for improved decision making
With the right software, anomalies and cyber risks on the IoT network can be detected and verified before they become dangerous and cause system outages. In addition, IoT security technologies offer several other benefits:
- Prevent DDoS attacks: large-scale DDoS attacks involve hacking unsecured IoT devices such as security cameras, thermostats, webcams, and smartwatches, and then installing malware on them. IoT security software provides better device protection through authentication methods, brute force attack prevention mechanisms and security analytics. These measures can also improve the privacy and security of the entire network.
- Making better decisions: IoT devices are a goldmine of data. Collecting and analyzing this data helps identify patterns in network requests. Build on this to make data-driven decisions to improve IT security, customer experience management, predictive maintenance, fleet management and smart metering.
- Reduce BYOD risks: Bring Your Own Device (BYOD) policies allow employees to use their personal devices for work. However, when personal devices such as cell phones, laptops and smartwatches are connected to the corporate network, it can pose a big risk. IoT security solutions help detect new devices and automatically deploy security measures to protect the network.
Market trends and the evolution of IoT security technologies
Protecting IoT devices can be difficult: there are many different types of devices and it is not always easy to detect them. Most IoT devices are physical devices with sensors or actuators and limited computing capacity, making it difficult to develop security solutions that can be applied to them.
Despite these challenges, IoT security solutions continue to improve. Software vendors such as Cisco and CA Technologies have further developed their IoT device authentication capabilities with Open Identity Management protocols such as SAML.
The following list of recent market developments and trends should give a sense of the speed at which IoT security technologies are evolving. We've also included examples of how vendors are using these trends to improve their own software.
Artificial intelligence for IoT security
AI is being used in endpoint protection to model the behavior of IoT endpoints. These systems are used to test the current behavior of IoT endpoints to detect anomalies and prevent threats. Artificial intelligence is also expected to help with device discovery by identifying different IoT device types and collecting the information in a database.
Market developments: Numerous vendors, such as Indegy, have incorporated advanced analytics models into their solutions. These models can detect IoT problem areas, monitor performance and send timely alerts.
Network protection tools with IoT security capabilities
Protecting IoT networks is one of the most important basic functions and is being extended by many software providers with new additional functions. This includes combining traditional protection mechanisms such as anti-virus systems and firewalls with complex standards and protocols.
Market developments: IoT security vendors such as Bayshore Networks are using automated systems for faster alerts on network intrusion attempts, as well as better passive network monitoring and threat detection.
Trust and control as the foundation of IoT systems
Allowing an IoT device developed by a lesser-known vendor may lead to trust issues between the device and the network. IoT systems can be secured by integrating a trusted device as a hardware security reference ("root of trust"), using security methods such as authentication and cryptography.
Market developments: Some IoT security technology vendors, such as Unbound Tech, offer secure keys that can be added to IoT devices and central servers for enhanced authentication. Software company Symantec offers "Roots of Trust" for authentication and code signing.
Accelerated adoption of IT security solutions in 5-10 years
Gartner estimates that global spending on IoT security will increase from 1.2 billion. USD in 2017 to 3.1 billion. USD will increase in 2020.
The number of IoT devices – both consumer and industrial – is also expected to grow to 20 billion, creating a corresponding need for security technologies. This need is expected to grow even more as new regulatory requirements for IoT devices come into effect.
IoT security regulations are essential (Source)
The Gartner report " Hype Cycle for Endpoint and Mobile Security (2018)" (available to clients in English) sees IoT security as an emerging technology that is expected to mature and go mainstream in the next five to 10 years.
Here's how we predict the proliferation of IoT security technologies will play out over the next 10 years:
- Near-term (0-2 years): Enterprises continue to experiment with IoT technologies and the use of IoT security solutions is slowly increasing
- Medium term (2-5 years): IoT security technologies will be more widely used as the volume of IoT devices increases and so do security concerns
- Long-term (5-10 years): The pace of adoption of IoT security technologies is rapidly increasing as compliance with new IoT regulations must be ensured and security awareness increases.
Currently, the adoption of IoT security technologies is still in its infancy, even in small businesses. It will also continue to move fairly slowly over the next few years. But as more vendors enter the market, IoT security technologies will become less expensive and more widely deployed.
New IoT regulations and improved security awareness will also contribute in small businesses. By 2029, IoT security technologies are expected to be widely deployed and used by small businesses by default.
In which industries will IoT security technologies spread faster?
Expect security technologies to spread fastest in the financial and healthcare industries, where the Internet of Things is heavily used and privacy is key. Health records receive a lot of very sensitive information and are accordingly worth a lot, making them a desirable target for attack.
Manufacturing, utilities and transportation industries will also lead the adoption of IoT security technologies, as IoT is already widely used in these sectors.
Recommendations for IoT security technology adoption
Are you in the process of designing the IoT strategy for your small business? Then remember to plan for security elements from the start – even in the design and implementation phases.
These 5 tips will help you build a good IoT security strategy:
Consider security in IoT implementation:
Document all IoT devices and review risk exposure:
Analyze compliance regulations for IoT security:
Invest in digital risk management solutions:
Create internal expertise on IoT security:
- Check out GetApp for more information on IT security forecasting, the benefits of managed security service providers for small businesses, key data protection technologies and more.
- Our IT security software directory provides information on more than 500 software products, such as those for antivirus, data loss prevention, data backups, authentication, endpoint protection and log management. Read real user reviews and compare different solutions to make the best possible purchasing decision.
(1) Gartner Hype Cycle for Endpoint and Mobile Security 2018 (full report available to clients) Note: The information in this article comes from sources we judge to be trustworthy. The selected applications serve as examples to present features in context. This is not a recommendation.
This article may refer to products, programs or services that are not available in your region or may be restricted by the laws or regulations of the country. We recommend contacting the software provider directly for product availability and legal compliance information. Gender Note: For better readability, the masculine form is used for personal names and personal nouns on this website. Corresponding terms apply in principle to all genders in the sense of equal treatment. The abbreviated form of speech is only for editorial reasons and does not imply any value judgement.