Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/14/2016
10:30 AM
Steve Morgan
Steve Morgan
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

IoT Security: $1-per-Thing To Protect Connected Devices

Locking down the Internet of Things won't be cheap. Here's the math.

Exactly how much will it cost to secure “Things” connected to the Internet over the next five years? Two recent Internet of Things (IoT) forecasts from industry analysts can help answer the question.

Gartner, Inc. forecasts that 6.4 billion connected Things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. Research firm MarketsandMarkets forecasts that the global IoT security market is expected to grow from $6.89 Billion in 2015 to $28.90 Billion (USD) by 2020, at a compound annual growth rate (CAGR) of 33.2 percent from 2015 to 2020.

To forecast how much money is being spent to secure Things, we can round off the numbers to $1-per-thing.

The Gartner forecast says that in 2016, 5.5 million new Things will get connected every day. Connected Things include cars, kitchen appliances, smart TVs, wristwatches, factory equipment, digital cameras, pet collars, electronic toys, medical devices, wearable devices, and the list goes on ad infinitum.

When a Thing gets connected, it needs to be protected -- no different than PCs, laptops, tablets, and smartphones.

A recent FBI Public Service Announcement says deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.

The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020.  IoT security already makes up more than 9 percent of the total market, and by 2020 it should jump to 16 percent or more.

Who needs a metric for security spending per-Thing?

Chief Information Security Officers need to get a better handle on what types of Things will be connecting to their corporate networks, and what it will cost to secure those Things.

IoT security startups who are seeking venture capital (VC) firms and corporate investors to finance their ventures. These startups need to demonstrate the number of Things now and in the future - and what it will cost to secure them.

Investors who are funding the IoT security startups. The VCs need to understand the basic market fundamentals -- and security spending per-Thing is an important one.

$1-per-Thing is a starting point, and most importantly it puts a per-Thing metric in place. If you are a CISO, an IoT security startup, or a VC, you can move the numbers (how many Things, and how much $-per-Thing to secure them) up or down to come up with your own forecasts.

IoT security is creating major market opportunities in numerous industries. The automotive security market is a prime example.

The Alliance of Automobile Manufacturers states that as cars increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features. Focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyberattacks and intrusions, according to market intelligence firm ABI Research. In a report last year, ABI forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020.

Is it more expensive to secure a car than another Thing?  That is a question for the automakers and the Things manufactures to answer.  More on that soon.

Related content:

Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
1/15/2016 | 6:46:00 AM
IoT : Concept : Rejected .
the so-called "IoT" is (1) un-necessary and and (2) an excessive intrusion on privacy, and (3) a huge security risk and (4) a reliability and maintenance problem
concept is rejected .

 
Ilya Geller
50%
50%
Ilya Geller,
User Rank: Apprentice
1/14/2016 | 6:19:35 PM
Even if structured unstructured data is stolen how can it be used? I see not how.
IoT is structured data: people decide which devices should provide what outputs and at which situations.

1.       There are always manuals which explain the devices outputs.
2.       These manuals are unstructured data – texts.
3.       Oracle and IBM already structure unstructured data, texts:
Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'
Nobody ever before Oracle could obtain statistics (weights) on data automatically, index by common dictionary and use synonyms – see Oracle ATG?
IBM: "Watson can understand unstructured data, which is 80 percent of data today: all of the information that is produced primarily by humans for other humans to consume," according to an explanatory video about IBM's Watson tech.
4.       The devices manuals can be structured and attached to devices.

IoT data becomes a part of all unstructured data – which all can be searched through by queries meanings: for example, Oracle searches by synonyms on filtered through personal profiles queries, by meanings.

The structured unstructured data is absolutely secure: it cannot be read and understood in no way.

This is a small sample of structured data:
this - signify - <> : 333333
both - are - once : 333333
confusion - signify - <> : 333321
speaking - done - once : 333112
speaking - was - both : 333109
place - is - in : 250000
Do you understand what I said? Structured texts have nothing in common with their sources.

'Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.'
Even if structured unstructured data is stolen – how can it be used? I see not how. It's senseless piles of words and numbers.
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now this is the worst micromanagment I've seen.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers &amp; Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.