1/14/2016
10:30 AM
Steve Morgan
Commentary

IoT Security: $1-per-Thing To Protect Connected Devices

Locking down the Internet of Things won't be cheap. Here's the math.

Exactly how much will it cost to secure “Things” connected to the Internet over the next five years? Two recent Internet of Things (IoT) forecasts from industry analysts can help answer the question.

Gartner, Inc. forecasts that 6.4 billion connected Things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. Research firm MarketsandMarkets forecasts that the global IoT security market will grow from $6.89 billion in 2015 to $28.90 billion (USD) by 2020, at a compound annual growth rate (CAGR) of 33.2 percent.

To forecast how much money is being spent to secure Things, we can round off the numbers to $1-per-Thing.

The Gartner forecast says that in 2016, 5.5 million new Things will get connected every day. Connected Things include cars, kitchen appliances, smart TVs, wristwatches, factory equipment, digital cameras, pet collars, electronic toys, medical devices, wearable devices, and the list goes on ad infinitum.

When a Thing gets connected, it needs to be protected -- no different than PCs, laptops, tablets, and smartphones.

A recent FBI Public Service Announcement says deficient security capabilities and difficulties in patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.

The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020. IoT security already makes up more than 9 percent of the total market, and by 2020 it should jump to 16 percent or more.

Who needs a metric for security spending per-Thing?

Chief Information Security Officers need to get a better handle on what types of Things will be connecting to their corporate networks, and what it will cost to secure those Things.

IoT security startups that are seeking venture capital (VC) firms and corporate investors to finance their ventures need to demonstrate the number of Things now and in the future, and what it will cost to secure them.

Investors who are funding the IoT security startups, the VCs, need to understand the basic market fundamentals, and security spending per-Thing is an important one.

$1-per-Thing is a starting point, and most importantly it puts a per-Thing metric in place. If you are a CISO, an IoT security startup, or a VC, you can move the numbers (how many Things, and how much $-per-Thing to secure them) up or down to come up with your own forecasts.

IoT security is creating major market opportunities in numerous industries. The automotive security market is a prime example.

The Alliance of Automobile Manufacturers states that as cars increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features. Focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyberattacks and intrusions, according to market intelligence firm ABI Research. In a report last year, ABI forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020.

Is it more expensive to secure a car than another Thing? That is a question for the automakers and the Things manufacturers to answer. More on that soon.

Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ...
Comments
macker490,
User Rank: Ninja
1/15/2016 | 6:46:00 AM
IoT : Concept : Rejected .
the so-called "IoT" is (1) un-necessary and (2) an excessive intrusion on privacy, and (3) a huge security risk and (4) a reliability and maintenance problem
concept is rejected .

 
Ilya Geller,
User Rank: Apprentice
1/14/2016 | 6:19:35 PM
Even if structured unstructured data is stolen how can it be used? I see not how.
IoT is structured data: people decide which devices should provide what outputs and at which situations.

1. There are always manuals which explain the devices' outputs.
2. These manuals are unstructured data – texts.
3. Oracle and IBM already structure unstructured data, texts:
Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'
Nobody ever before Oracle could obtain statistics (weights) on data automatically, index by common dictionary and use synonyms – see Oracle ATG?
IBM: "Watson can understand unstructured data, which is 80 percent of data today: all of the information that is produced primarily by humans for other humans to consume," according to an explanatory video about IBM's Watson tech.
4. The devices' manuals can be structured and attached to devices.

IoT data becomes a part of all unstructured data – which all can be searched through by queries meanings: for example, Oracle searches by synonyms on filtered through personal profiles queries, by meanings.

The structured unstructured data is absolutely secure: it cannot be read and understood in no way.

This is a small sample of structured data:
this - signify - <> : 333333
both - are - once : 333333
confusion - signify - <> : 333321
speaking - done - once : 333112
speaking - was - both : 333109
place - is - in : 250000
Do you understand what I said? Structured texts have nothing in common with their sources.

'Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.'
Even if structured unstructured data is stolen – how can it be used? I see not how. It's senseless piles of words and numbers.