1/14/2016
10:30 AM
Steve Morgan
Commentary

IoT Security: $1-per-Thing To Protect Connected Devices

Locking down the Internet of Things won't be cheap. Here's the math.

Exactly how much will it cost to secure “Things” connected to the Internet over the next five years? Two recent Internet of Things (IoT) forecasts from industry analysts can help answer the question.

Gartner, Inc. forecasts that 6.4 billion connected Things will be in use worldwide in 2016, up 30 percent from 2015, and that the number will reach 20.8 billion by 2020. Research firm MarketsandMarkets forecasts that the global IoT security market will grow from $6.89 billion in 2015 to $28.90 billion (USD) by 2020, a compound annual growth rate (CAGR) of 33.2 percent from 2015 to 2020.

To forecast how much money is being spent to secure Things, we can round off the numbers to $1-per-Thing.

The Gartner forecast says that in 2016, 5.5 million new Things will get connected every day. Connected Things include cars, kitchen appliances, smart TVs, wristwatches, factory equipment, digital cameras, pet collars, electronic toys, medical devices, wearable devices, and the list goes on ad infinitum.

When a Thing gets connected, it needs to be protected -- no different than PCs, laptops, tablets, and smartphones.

A recent FBI Public Service Announcement says deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.

The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020. IoT security already makes up more than 9 percent of the total market, and by 2020 it should jump to 16 percent or more.

Who needs a metric for security spending per-Thing?

Chief Information Security Officers need to get a better handle on what types of Things will be connecting to their corporate networks, and what it will cost to secure those Things.

IoT security startups who are seeking venture capital (VC) firms and corporate investors to finance their ventures. These startups need to demonstrate the number of Things now and in the future - and what it will cost to secure them.

Investors who are funding the IoT security startups. The VCs need to understand the basic market fundamentals -- and security spending per-Thing is an important one.

$1-per-Thing is a starting point, and most importantly it puts a per-Thing metric in place. If you are a CISO, an IoT security startup, or a VC, you can move the numbers (how many Things, and how much $-per-Thing to secure them) up or down to come up with your own forecasts.

IoT security is creating major market opportunities in numerous industries. The automotive security market is a prime example.

The Alliance of Automobile Manufacturers states that as cars increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features. Focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyberattacks and intrusions, according to market intelligence firm ABI Research. In a report last year, ABI forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020.

Is it more expensive to secure a car than another Thing? That is a question for the automakers and the Things manufacturers to answer. More on that soon.

Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ...
 

Comments
macker490,
User Rank: Ninja
1/15/2016 | 6:46:00 AM
IoT : Concept : Rejected .
the so-called "IoT" is (1) un-necessary and (2) an excessive intrusion on privacy, and (3) a huge security risk and (4) a reliability and maintenance problem
concept is rejected .

 
Ilya Geller,
User Rank: Apprentice
1/14/2016 | 6:19:35 PM
Even if structured unstructured data is stolen how can it be used? I see not how.
IoT is structured data: people decide which devices should provide what outputs and at which situations.

1. There are always manuals which explain the devices outputs.
2. These manuals are unstructured data – texts.
3. Oracle and IBM already structure unstructured data, texts:
Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'
Nobody ever before Oracle could obtain statistics (weights) on data automatically, index by common dictionary and use synonyms – see Oracle ATG?
IBM: "Watson can understand unstructured data, which is 80 percent of data today: all of the information that is produced primarily by humans for other humans to consume," according to an explanatory video about IBM's Watson tech.
4. The devices manuals can be structured and attached to devices.

IoT data becomes a part of all unstructured data – which all can be searched through by queries meanings: for example, Oracle searches by synonyms on filtered through personal profiles queries, by meanings.

The structured unstructured data is absolutely secure: it cannot be read and understood in no way.

This is a small sample of structured data:
this - signify - <> : 333333
both - are - once : 333333
confusion - signify - <> : 333321
speaking - done - once : 333112
speaking - was - both : 333109
place - is - in : 250000
Do you understand what I said? Structured texts have nothing in common with their sources.

'Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.'
Even if structured unstructured data is stolen – how can it be used? I see not how. It's senseless piles of words and numbers.