The age of Internet of Things (IoT) is upon us, which enables greater connectivity that goes well beyond the common use of smartphones, tablets, and PCs. Gartner(1) is predicting that 26 billion units, aka ‘things,’ will be IoT by 2020.
For many this means the opportunity to connect to ‘things’ never before imagined – for instance, syncing your smart phone to a vending machine that instantly delivers your favorite soda. Or, having your car alert your house heater to increase to 70 degrees during your 10 minute drive home.
However, for those in the cyber security space, this means greater complexity and continuation of the already tough battle that faces networks to remain secure against the latest threats, which naturally evolve as we adopt a new wave of connected technologies.
Security and software professionals will have to continue to adapt quickly. As recent as 10 years ago the process to secure IT software and hardware products was an afterthought. Typical lifecycle included building the software app, testing the app, and then releasing it into production. More often than not, security features were only added after a vulnerability was exploited and caused meaningful disruption.
Luckily, the IT industry has evolved, and today it is more common to “build security in” from the early stages of product design. Designers and engineers have become much more accommodating for security needs and have adopted secure software development techniques. Technology vendors have realized that in the long run it costs less to build security in, rather than bolting security into a product after the fact.
Just as the industry is turning a corner and adopting new security lessons, IoT comes to fruition. Perhaps, the biggest issue with securing “things” in the era of IoT will be educating designers about these internet connected devices and about what it means to be truly secure. People designing internet-connected refrigerators, clothing, and cars are not software designers by trade, much less security experts.
Although it might be really cool to have your refrigerator connected to your grocery store and have the ability to download the week’s list of items that need replacing, there is a whole set of security issues implicit to the simple act of communications.
Certainly, we can expect to see the market for cyber crime and miscreants to increase as the market for the IoT continues to expand. We know from studies, such as the recent Rand report on markets for cyber crime tools, that whether a criminal is motivated by political or financial gain they tend to have a specialty and our markets develop around the different types of attack dynamics. With IoT, both the modern smart developer and smart buyer will need to proceed with great caution.
(1) Gartner Press Release, The Internet of Things, March 19, 2014