
1/14/2016
10:30 AM
Steve Morgan
Commentary

IoT Security: $1-per-Thing To Protect Connected Devices

Locking down the Internet of Things won't be cheap. Here's the math.

Exactly how much will it cost to secure “Things” connected to the Internet over the next five years? Two recent Internet of Things (IoT) forecasts from industry analysts can help answer the question.

Gartner, Inc. forecasts that 6.4 billion connected Things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. Research firm MarketsandMarkets forecasts that the global IoT security market is expected to grow from $6.89 Billion in 2015 to $28.90 Billion (USD) by 2020, at a compound annual growth rate (CAGR) of 33.2 percent from 2015 to 2020.

To forecast how much money is being spent to secure Things, we can round off the numbers to $1-per-thing.

The Gartner forecast says that in 2016, 5.5 million new Things will get connected every day. Connected Things include cars, kitchen appliances, smart TVs, wristwatches, factory equipment, digital cameras, pet collars, electronic toys, medical devices, wearable devices, and the list goes on ad infinitum.

When a Thing gets connected, it needs to be protected -- no different than PCs, laptops, tablets, and smartphones.

A recent FBI Public Service Announcement says deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.

The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020. IoT security already makes up more than 9 percent of the total market, and by 2020 it should jump to 16 percent or more.

Who needs a metric for security spending per-Thing?

Chief Information Security Officers need to get a better handle on what types of Things will be connecting to their corporate networks, and what it will cost to secure those Things.

IoT security startups who are seeking venture capital (VC) firms and corporate investors to finance their ventures. These startups need to demonstrate the number of Things now and in the future - and what it will cost to secure them.

Investors who are funding the IoT security startups. The VCs need to understand the basic market fundamentals -- and security spending per-Thing is an important one.

$1-per-Thing is a starting point, and most importantly it puts a per-Thing metric in place. If you are a CISO, an IoT security startup, or a VC, you can move the numbers (how many Things, and how much $-per-Thing to secure them) up or down to come up with your own forecasts.

IoT security is creating major market opportunities in numerous industries. The automotive security market is a prime example.

The Alliance of Automobile Manufacturers states that as cars increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cybersecurity is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features. Focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyberattacks and intrusions, according to market intelligence firm ABI Research. In a report last year, ABI forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020.

Is it more expensive to secure a car than another Thing? That is a question for the automakers and the Things manufacturers to answer. More on that soon.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ...
 

Comments
macker490,
User Rank: Ninja
1/15/2016 | 6:46:00 AM
IoT : Concept : Rejected .
the so-called "IoT" is (1) un-necessary and (2) an excessive intrusion on privacy, and (3) a huge security risk and (4) a reliability and maintenance problem
concept is rejected .

 
Ilya Geller,
User Rank: Apprentice
1/14/2016 | 6:19:35 PM
Even if structured unstructured data is stolen how can it be used? I see not how.
IoT is structured data: people decide which devices should provide what outputs and at which situations.

1. There are always manuals which explain the devices outputs.
2. These manuals are unstructured data – texts.
3. Oracle and IBM already structure unstructured data, texts:
Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'
Nobody ever before Oracle could obtain statistics (weights) on data automatically, index by common dictionary and use synonyms – see Oracle ATG?
IBM: "Watson can understand unstructured data, which is 80 percent of data today: all of the information that is produced primarily by humans for other humans to consume," according to an explanatory video about IBM's Watson tech.
4. The devices manuals can be structured and attached to devices.

IoT data becomes a part of all unstructured data – which all can be searched through by queries meanings: for example, Oracle searches by synonyms on filtered through personal profiles queries, by meanings.

The structured unstructured data is absolutely secure: it cannot be read and understood in no way.

This is a small sample of structured data:
this - signify - <> : 333333
both - are - once : 333333
confusion - signify - <> : 333321
speaking - done - once : 333112
speaking - was - both : 333109
place - is - in : 250000
Do you understand what I said? Structured texts have nothing in common with their sources.

'Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.'
Even if structured unstructured data is stolen – how can it be used? I see not how. It's senseless piles of words and numbers.