With the Internet of Things (IoT), Internet connectivity extends into physical devices and everyday objects. These IoT devices communicate with other devices, and they can also be remotely monitored and controlled. Each device has a unique identifier and the ability to transfer data over a network — think smart TVs, voice assistants, smart energy meters, wearables, connected cars, and smart healthcare devices. Today, connected devices can also be integrated into critical systems, such as those running air traffic control, energy grids, environmental management, and government IT.

The perfect storm

A confluence of factors is pushing IoT into the mainstream.

  • According to Bain & Company, the markets for IoT hardware, software, systems integration, data, and telecom services will grow to $520 billion in 2021, more than doubling the figure in 2017.
  • Research firm Gartner Inc. has estimated that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021.
  • IDC expects worldwide IoT spending will maintain a double-digit annual growth rate throughout the 2017-2022 forecast period and surpass the $1 trillion mark in 2022.
  • Ericcson is forecasting that the number of cellular IoT connections will reach 3.5 billion in 2023, increasing at a CAGR of 30%.
  • IoT devices and services are expected to reach an inflection point of 18% to 20% adoption in 2019.

Incredible IoT growth presents enterprises with huge opportunities; for security professionals in the private and public sector whose job is to protect sensitive data and assets, it can also represent a worst nightmare.

How do we allow billions of “things” to connect to the Internet and each other, opening them up to serious vulnerabilities, if we can’t properly protect them?

IoT security

While security-related IoT spending is on a steep upward trajectory, so are the number of breaches and botnets associated with connected devices. Simply put – more connected devices means more attack vectors and greater exposure to attack. Given the massive scope and breadth of IoT-based infrastructures, organizations are beginning to realize that their security programs will need to rise to a whole new level if they are going to realize the full benefits of IoT.

Here are some best practices that can help you minimize IoT risk:

  1. Maintain an accurate inventory that covers the full range of your IT assets (managed and unmanaged, devices, apps, users, on-premises, cloud, partner assets, IoT, and mobile).
  2. Continuously discover all assets in real time.
  3. Analyze your attack surface and calculate the business risk for every asset across the enterprise.
  4. Identify vulnerabilities and risk across a broad set of 100+ attack vectors for all types of assets, including IoT
  5. Prioritize based on business criticality and other factors such as vulnerabilities, active threats, and your existing security controls
  6. Address and mitigate any possibility for cyberattacks preemptively with prescriptive fixes.

Summary

Few technology trends are growing as quickly as the Internet of Things. One of the key concerns related to its successful adoption is having sufficiently strong security mechanisms in place throughout the ecosystem. Because of its very nature, the IoT will require not only technological innovation but also social and ethical discipline, especially in regard to privacy and security concerns related to the pervasive presence of IoT devices.

IoT security is still a work in progress and getting it right will mean securing increasing numbers of attack vectors for traditional, cloud, mobile, and IoT assets. A recent KPMG survey of 750 tech leaders predicts that IoT will lead to the next indispensable technology and has the greatest potential to drive the greatest benefits to life, society, and the environment. At the same time, IoT security, governance, ethical concerns, and integration remain top industry priorities. As IoT evolves, we have the opportunity to deliver great societal value, harnessing its power while carefully managing its implementation and ongoing cybersecurity.