top button
    Got Questions


Global IoT Summit 2018
Oct 31, 2018
The Leela Palace, Bangalore



    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration

5 Things to Know About IoT Security

+1 vote
470 views

We are currently witnessing a growing number of IoT deployments and solutions around the world. IoT security is emerging as a key component of these deployments and companies are recognizing they need to get it right from the beginning – By 2022, the IoT security market is forecast to reach $4.4 billion. Various industry surveys, as well as our own research, indicate cybersecurity is the #1 concern for industrial IoT users today.
IoT Security is key for the secure development and secure operation of scalable IoT applications and services that connect the real and virtual worlds between objects, systems, and people.
In this article, we turn our focus to expand on 5 IoT Security insights gathered from our ongoing market research:

1. IoT Security Spending Is Rapidly Increasing

Global spending for end-users of 3rd party security solutions is currently estimated at $703M for 2017 and is forecast to grow at a CAGR (Compound Annual Growth Rate) of 44% to become a $4.4B market by 2022, driven by new regulation and increasing IoT adoption.

In addition to the security tools provided by IoT platforms the IoT security market is an aggregation of innovative startups and established firms such as global chip manufacturers, infrastructure providers, as well as cloud and enterprise software companies.

2. IoT Introduces an Increased Number of Security Threats

One of the big differences between the Internet of Things and previous internet technology is that the number of possible threats is much larger, due to the following (based on the above equation for the level of cybersecurity risk from Bosch):

  • More points of exposure: The growing number of connected devices, applications, systems and end users mean more points of exposure.
  • IoT devices themselves become new attack vectors: Every compromised device becomes a new possible attack point, which means a higher probability of attacks.
  • Increased impact of attacks: With more connected devices in many applications (i.e., hundreds of different use cases which all build on different standards, interact with different systems and have different goals), especially critical infrastructure applications where there is an increased impact of attacks (i.e., damage to the physical world and possible loss-of-life), the stakes are much higher for hackers which increases the threat level.
New threats from across the stack: In addition, a more complex technology stack means new threats are possible from across the stack (i.e., from the different hardware, communication, and software elements) which must be counteracted by the implemented cybersecurity measures and by experienced security professionals.
 
3. IoT Security Happens on Four Different Layers
 

IoT solution architectures require multi-layered security approaches that seamlessly work together to provide complete end-to-end security from device to cloud and everything in between throughout the lifecycle of the solution. The 4 layers consist of:

  • Device: The device layer refers to the hardware level of the IoT solution i.e., the physical “thing” or product. ODMs and OEMs (who design and produce devices) are increasingly integrating more security features in both their hardware and software (that is running on the device) to enhance the level of security on the device layer. Security components include: physical security, data at rest, chip security, secure boot, device authentication and device identity.
  • Communication: The communication layer refers to the connectivity networks of the IoT solution i.e., mediums over which the data is securely transmitted/received. Whether sensitive data is in transit over the physical layer, networking layer, or application layer. Unsecured communication channels can be susceptible to intrusions such as man-in-the-middle attacks. Security components include: access control, firewall, IPS, IDS, and end-to-end encryption.
  • Cloud: The cloud layer refers to the software backend of the IoT solution i.e., where data from devices is ingested, analyzed and interpreted at scale to generate insights and perform actions. IoT cloud providers are expected to deliver secure and efficient cloud services by default to protect from major data breaches or solution downtime issues. Security components include: data at rest, platform and application integrity verification.
Secure Lifecycle management: Secure Lifecycle Management refers to an overarching layer with continuous processes required to keep the security of an IoT solution up-to-date i.e., ensuring sufficient security levels are in place from device manufacture, initial installation to the disposal of things. Security components include: risk assessment, policies & auditing, activity monitoring, updates and patches, vendor control, user awareness assessment, and secure decommissioning.
 
4. Increasing Automation of IoT Security Tasks

With forecasted growth to billions of IoT devices, manually handling security tasks (e.g., revoking certificates, isolating compromised devices), as is still the case in many solutions today, will not be feasible. Security automation techniques that merge security solutions and artificial intelligence are becoming more and more prevalent.

For example, next-generation activity monitoring enables advanced anomaly detection, building on sophisticated machine learning algorithms. One case includes objectively classifying ‘good’ files from ‘bad’ files based on mathematical risk factors, which means it becomes possible to teach a machine to make the appropriate decisions on these files in real time. This method drives autonomous decision making and changes the way an IoT device understands, categorizes, and controls the execution of every file.

5. Cyberespionage Groups and Petty Criminals Are the Most Common IoT Attackers

The five main types of IoT attackers today are:
  • Amateur hackers: e.g., script kiddies, hobbyists.
  • Petty criminals: e.g., low-level cyber criminals.
  • Cyberespionage groups: e.g., organized syndicates or crime groups such as Armada Collective, Black Vine, GreenBug.
  • Terrorists / hacktivists: e.g., professional, non-state actors such as Oxblood Ruffin or political hacktivists.
  • State sponsored attackers: e.g., foreign espionage via state-sponsored sabotage and traditional adversarial nation-states e.g., Russia, China.

Each class of attacker may have different abilities, capabilities, and goals – whether on an individual or group basis (i.e., aggregating resources to work together). Given the same tool different classes of attackers may achieve different outcomes e.g., experienced cyber criminals can evade deep packet inspection tools or IDS signature detection tools whereas new hobbyists may not.

However, cyberespionage groups with vast resources and highly skilled petty criminals are the most common type of IoT attacker. In many cases, they have developed advanced malware with the ability to mutate and evade detection for longer on IoT networks or they leverage DDoS attacks as a means for blackmail.

Regards,
Yogesh PATIL, PMP®
E-mail:                 patil.yogesh.j@gmail.com
Mobile:               +91.956.108.6507
Facebook:           https://www.facebook.com/patil.yogesh.j
LinkedIn:             https://www.linkedin.com/patilyogeshj
Instagram:          https://www.instagram.com/patil.yogesh.j
Twitter:               @patilyogeshj
YouTube Channel:  https://www.youtube.com/channel/UCUaaKhNXCB-1yhb311GeyZA (digitaltransformation)

posted Mar 30 by Yogesh Patil

  Promote This Article
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button

Related Articles
+1 vote

Technologies never fail to provide us exciting developments plus always promises to create our lives better. Within recent years, there provides been an explosion associated with technological creative imagination and advancement, with bold projects getting undertaken on all sides of the Earth: through wireless power, 3D publishing, autonomous vehicles and Automated Content Recognition, to cellular robots and - the particular topic of this awesome article: The Internet of Things, or, as some call it, The Internet of Everything.

What is an IoT?

The Internet of items (IoT) is the system of physical devices, automobiles, home appliances as well as other products embedded with electronics, software’s, sensors, actuators, and system connectivity which helps these types of objects to attach and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the current Internet infrastructure.

What exactly is an IoT career?

Unlike most other industries, it would be wrong to identify IoT as a complete industry by itself, with its own specialization when it comes to learning. Yet, one of the first things that come to a student’s mind when selecting a career path is the qualification and specialization needed for it. From that perspective, these are mainly the various verticals that one can prepare for – Data Analytics, Network and Architecture, Security and Mobile and UI Development.

Why IoT matters right now?

The most exciting thing about this field right this moment is the sheer number of possibilities. When computers were invented, nobody knew that someday the whole world would work on them. The same can be said for the Internet of Things. Even though there are very a few defined roles and positions now, all that might change pretty soon since standards in this domain are still being created. “Various industries such as Healthcare, Transportation, Retail, Oil plus Gas, Aviators, etc certainly will leverage IoT-ready platforms and frameworks in order to expand their business plus attach using their audience. This particular is a huge prospect of various IT companies in order to realign their offering meaning deploying more workforce together with the need for special assets.

The way to prepare?

There is usually no specific degree upon IoT yet. Nevertheless, IoT course is designed simply by real-time authorities in order to learn about Internet associated with Things plus its significance to have the clear knowledge of IoT training. The particular IoT Online Training plan helps you to understand architecture plus various concepts in the particular Internet of Things. 

...