Vulnerabilities / Threats
1/14/2016
10:30 AM
Steve Morgan
Steve Morgan
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

IoT Security: $1-per-Thing To Protect Connected Devices

Locking down the Internet of Things won't be cheap. Here's the math.

Exactly how much will it cost to secure “Things” connected to the Internet over the next five years? Two recent Internet of Things (IoT) forecasts from industry analysts can help answer the question.

Gartner, Inc. forecasts that 6.4 billion connected Things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. Research firm MarketsandMarkets forecasts that the global IoT security market is expected to grow from $6.89 Billion in 2015 to $28.90 Billion (USD) by 2020, at a compound annual growth rate (CAGR) of 33.2 percent from 2015 to 2020.

To forecast how much money is being spent to secure Things, we can round off the numbers to $1-per-thing.

The Gartner forecast says that in 2016, 5.5 million new Things will get connected every day. Connected Things include cars, kitchen appliances, smart TVs, wristwatches, factory equipment, digital cameras, pet collars, electronic toys, medical devices, wearable devices, and the list goes on ad infinitum.

When a Thing gets connected, it needs to be protected -- no different than PCs, laptops, tablets, and smartphones.

A recent FBI Public Service Announcement says deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.

The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020.  IoT security already makes up more than 9 percent of the total market, and by 2020 it should jump to 16 percent or more.

Who needs a metric for security spending per-Thing?

Chief Information Security Officers need to get a better handle on what types of Things will be connecting to their corporate networks, and what it will cost to secure those Things.

IoT security startups who are seeking venture capital (VC) firms and corporate investors to finance their ventures. These startups need to demonstrate the number of Things now and in the future - and what it will cost to secure them.

Investors who are funding the IoT security startups. The VCs need to understand the basic market fundamentals -- and security spending per-Thing is an important one.

$1-per-Thing is a starting point, and most importantly it puts a per-Thing metric in place. If you are a CISO, an IoT security startup, or a VC, you can move the numbers (how many Things, and how much $-per-Thing to secure them) up or down to come up with your own forecasts.

IoT security is creating major market opportunities in numerous industries. The automotive security market is a prime example.

The Alliance of Automobile Manufacturers states that as cars increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features. Focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyberattacks and intrusions, according to market intelligence firm ABI Research. In a report last year, ABI forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020.

Is it more expensive to secure a car than another Thing?  That is a question for the automakers and the Things manufactures to answer.  More on that soon.

Related content:

Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
1/15/2016 | 6:46:00 AM
IoT : Concept : Rejected .
the so-called "IoT" is (1) un-necessary and and (2) an excessive intrusion on privacy, and (3) a huge security risk and (4) a reliability and maintenance problem
concept is rejected .

 
Ilya Geller
50%
50%
Ilya Geller,
User Rank: Apprentice
1/14/2016 | 6:19:35 PM
Even if structured unstructured data is stolen – how can it be used? I see not how.
IoT is structured data: people decide which devices should provide what outputs and at which situations.

1.       There are always manuals which explain the devices outputs.
2.       These manuals are unstructured data – texts.
3.       Oracle and IBM already structure unstructured data, texts:
Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'
Nobody ever before Oracle could obtain statistics (weights) on data automatically, index by common dictionary and use synonyms – see Oracle ATG?
IBM: "Watson can understand unstructured data, which is 80 percent of data today: all of the information that is produced primarily by humans for other humans to consume," according to an explanatory video about IBM's Watson tech.
4.       The devices manuals can be structured and attached to devices.

IoT data becomes a part of all unstructured data – which all can be searched through by queries meanings: for example, Oracle searches by synonyms on filtered through personal profiles queries, by meanings.

The structured unstructured data is absolutely secure: it cannot be read and understood in no way.

This is a small sample of structured data:
this - signify - <> : 333333
both - are - once : 333333
confusion - signify - <> : 333321
speaking - done - once : 333112
speaking - was - both : 333109
place - is - in : 250000
Do you understand what I said? Structured texts have nothing in common with their sources.

'Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.'
Even if structured unstructured data is stolen – how can it be used? I see not how. It's senseless piles of words and numbers.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
8 Key Building Blocks for Enterprise Network Defense
Networks are changing rapidly -- and so are strategies for protecting them. This Tech Digest looks at the fundamentals for the next-gen environment.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In this episode of Dark Reading Radio, veteran CISOs will share their experience and insight into how organizations can get the best bang for their security buck.