We are currently witnessing a growing number of IoT deployments and solutions around the world. IoT security is emerging as a key component of these deployments, and companies are recognizing they need to get it right from the beginning. By 2022, the IoT security market is forecast to reach $4.4 billion. Various industry surveys, as well as our own research, indicate cybersecurity is the #1 concern for industrial IoT users today.
IoT Security is key for the secure development and secure operation of scalable IoT applications and services that connect the real and virtual worlds between objects, systems, and people.
In this article, we turn our focus to expand on 5 IoT Security insights gathered from our ongoing market research:
1. IoT Security Spending Is Rapidly Increasing
Global spending for end-users of 3rd party security solutions is currently estimated at $703M for 2017 and is forecast to grow at a CAGR (Compound Annual Growth Rate) of 44% to become a $4.4B market by 2022, driven by new regulation and increasing IoT adoption.
In addition to the security tools provided by IoT platforms, the IoT security market is an aggregation of innovative startups and established firms such as global chip manufacturers, infrastructure providers, as well as cloud and enterprise software companies.
2. IoT Introduces an Increased Number of Security Threats
One of the big differences between the Internet of Things and previous internet technology is that the number of possible threats is much larger, due to the following (based on the above equation for the level of cybersecurity risk from Bosch):
- More points of exposure: The growing number of connected devices, applications, systems and end users means more points of exposure.
- IoT devices themselves become new attack vectors: Every compromised device becomes a new possible attack point, which means a higher probability of attacks.
- Increased impact of attacks: With more connected devices in many applications (i.e., hundreds of different use cases which all build on different standards, interact with different systems and have different goals), the impact of attacks increases, especially in critical infrastructure applications (i.e., damage to the physical world and possible loss-of-life). The stakes are much higher for hackers, which increases the threat level.
- New threats from across the stack: In addition, a more complex technology stack means new threats are possible from across the stack (i.e., from the different hardware, communication, and software elements), which must be counteracted by the implemented cybersecurity measures and by experienced security professionals.
3. IoT Security Happens on Four Different Layers
IoT solution architectures require multi-layered security approaches that seamlessly work together to provide complete end-to-end security from device to cloud and everything in between throughout the lifecycle of the solution. The 4 layers consist of:
- Device: The device layer refers to the hardware level of the IoT solution, i.e., the physical “thing” or product. ODMs and OEMs (who design and produce devices) are increasingly integrating more security features in both their hardware and software (that is running on the device) to enhance the level of security on the device layer. Security components include: physical security, data at rest, chip security, secure boot, device authentication and device identity.
- Communication: The communication layer refers to the connectivity networks of the IoT solution, i.e., mediums over which the data is securely transmitted/received. Whether sensitive data is in transit over the physical layer, networking layer, or application layer, unsecured communication channels can be susceptible to intrusions such as man-in-the-middle attacks. Security components include: access control, firewall, IPS, IDS, and end-to-end encryption.
- Cloud: The cloud layer refers to the software backend of the IoT solution, i.e., where data from devices is ingested, analyzed and interpreted at scale to generate insights and perform actions. IoT cloud providers are expected to deliver secure and efficient cloud services by default to protect from major data breaches or solution downtime issues. Security components include: data at rest, platform and application integrity verification.
- Secure Lifecycle Management: Secure lifecycle management refers to an overarching layer with continuous processes required to keep the security of an IoT solution up-to-date, i.e., ensuring sufficient security levels are in place from device manufacture and initial installation to the disposal of things. Security components include: risk assessment, policies & auditing, activity monitoring, updates and patches, vendor control, user awareness assessment, and secure decommissioning.
4. Increasing Automation of IoT Security Tasks
With forecasted growth to billions of IoT devices, manually handling security tasks (e.g., revoking certificates, isolating compromised devices), as is still the case in many solutions today, will not be feasible. Security automation techniques that merge security solutions and artificial intelligence are becoming more and more prevalent.
For example, next-generation activity monitoring enables advanced anomaly detection, building on sophisticated machine learning algorithms. One case includes objectively classifying ‘good’ files from ‘bad’ files based on mathematical risk factors, which means it becomes possible to teach a machine to make the appropriate decisions on these files in real time. This method drives autonomous decision making and changes the way an IoT device understands, categorizes, and controls the execution of every file.
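As an added illustration of automated activity monitoring (not code from the original article or from any vendor it describes), the sketch below scores each device's latest telemetry reading against its own baseline and maps the result to the automated responses named above: isolating a device and revoking its certificate. The device names, telemetry values, the `revoke_at` threshold and the action labels are assumptions made for the example; the median/MAD modified z-score stands in for the more sophisticated machine learning models the article refers to.

```python
from statistics import median

# Constructed sample telemetry: outbound connections per hour for each device
# over the last six hours (device IDs and values are made up for illustration).
TELEMETRY = {
    "sensor-01": [12, 14, 11, 13, 12, 13],
    "sensor-02": [10, 11, 12, 10, 11, 240],  # large burst in the latest hour
    "meter-04":  [20, 22, 21, 23, 22, 30],   # moderate deviation
    "camera-07": [55, 60, 58, 57, 59, 61],
    "valve-03":  [3, 3, 3, 3, 3, 3],         # perfectly flat history
    "new-dev":   [5, 400],                   # not enough history yet
}

def robust_score(history, latest):
    """Modified z-score of `latest` against `history` (median and MAD based)."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # A flat history gives MAD == 0; fall back to 1 so deviations still score.
    scale = mad if mad > 0 else 1.0
    return 0.6745 * (latest - med) / scale

def triage(telemetry, isolate_at=3.5, revoke_at=10.0, min_history=4):
    """Return {device_id: action} for devices whose latest reading is anomalous.

    isolate_at=3.5 is the usual modified z-score cutoff; revoke_at is an
    assumed, stricter threshold chosen for this example.
    """
    actions = {}
    for device, readings in telemetry.items():
        *history, latest = readings
        if len(history) < min_history:
            continue  # too little data to form a per-device baseline
        score = robust_score(history, latest)
        if score >= revoke_at:
            actions[device] = "isolate+revoke_certificate"
        elif score >= isolate_at:
            actions[device] = "isolate"
    return actions

if __name__ == "__main__":
    for device, action in sorted(triage(TELEMETRY).items()):
        print(f"{device}: {action}")
```

Using the median and MAD instead of mean and standard deviation keeps a single burst from inflating the baseline it is being compared against, which matters when the decision is made without a human in the loop.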
5. Cyberespionage Groups and Petty Criminals Are the Most Common IoT Attackers
The five main types of IoT attackers today are:
- Amateur hackers: e.g., script kiddies, hobbyists.
- Petty criminals: e.g., low-level cyber criminals.
- Cyberespionage groups: e.g., organized syndicates or crime groups such as Armada Collective, Black Vine, GreenBug.
- Terrorists / hacktivists: e.g., professional, non-state actors such as Oxblood Ruffin or political hacktivists.
- State-sponsored attackers: e.g., foreign espionage via state-sponsored sabotage and traditional adversarial nation-states such as Russia, China.
Each class of attacker may have different abilities, capabilities, and goals, whether on an individual or group basis (i.e., aggregating resources to work together). Given the same tool, different classes of attackers may achieve different outcomes, e.g., experienced cyber criminals can evade deep packet inspection tools or IDS signature detection tools whereas new hobbyists may not.
However, cyberespionage groups with vast resources and highly skilled petty criminals are the most common type of IoT attacker. In many cases, they have developed advanced malware with the ability to mutate and evade detection for longer on IoT networks or they leverage DDoS attacks as a means for blackmail.
Yogesh PATIL, PMP®
YouTube Channel: https://www.youtube.com/channel/UCUaaKhNXCB-1yhb311GeyZA (digitaltransformation)