With a projected $267 billion in market revenue by 2020, the Internet of Things (IoT) is a red-hot topic these days. IoT adoption continues to climb, however it also poses new security concerns. With more data to collect and analyze, the possibility that something goes wrong increases. There are more security gaps, more people involved, and exponentially more information to consider.
Although the challenges are greater, there are steps you can take to protect your organization and your sensitive information. This blog post will look at the biggest IoT security challenges and how you can work to solve them using encryption.
The Internet of Things is a network of physical objects connected to the internet that send and receive information. Any technological device with an internet connection can be part of the IoT. This can include smartphones and other mobile computing devices, wearable tech like fitness trackers, medical devices, home automation, smart buildings, internet-enabled appliances, intelligent lighting systems, and autonomous vehicles.
According to IT research and advisory firm Gartner, there are already 8.4 billion connected IoT devices in 2017. And that number will more than double in just three years, reaching 20.4 billion by 2020.
Of course, the ever-increasing numbers of IoT devices also means that there are more targets for hackers. Large enterprises using IoT devices expose the greatest risk because of the huge quantity and value their information holds. However, consumers of internet-connected household devices like refrigerators and entertainment systems are also at risk.
Another security concern for IoT are “hubs,” which are convergence points for multiple IoT devices. These are common in enterprise settings. When IoT hubs are not encrypted, they open many devices to vulnerabilities at once. Organizations need to be conscious of the threats that these hubs face and protect them accordingly.
Recent studies have unveiled that vendors in the IoT market are largely unconcerned about securing IoT data and devices. In a 2016 survey by MIT Sloan Management Review, 66 percent of executives, managers, and IT professionals stated they did not see a need for improving their IoT data security.
This troubling indifference toward IoT security is supported in other studies. In a 2015 study of smart home devices by application security firm Veracode, researchers found serious vulnerabilities and a lack of encryption. They concluded that security is not a priority for developers of IoT devices.
These security vulnerabilities are a result of the competitive IoT market. Developers are most focused on actually completing the development of a product. They’re interested in getting it on shelves as quickly as possible, rather than spending time building in security during development.
For several other reasons, IoT technology is particularly susceptible to security flaws. Devices such as security CCTV cameras and baby monitors often ship with no built-in security. They run on outdated software that is vulnerable to hackers. With millions of self-driving cars set to join the IoT by 2020, patching and updating security software will become an even greater concern.
Unfortunately, many IoT devices simply don’t have enough hard drive space to perform upgrades or patches to the Linux kernel. This is usually due to manufacturers prioritizing cost savings over security. After all, smaller hard drives are much less expensive than larger ones. The consequences of this design flaw cascaded into the disastrous Mirai botnet attack of 2016, which temporarily took down the websites of major tech companies including Netflix, Twitter and Spotify.
All of these factors combine to create a precarious security situation for IoT devices. What’s more, many organizations that already use IoT don’t know how to secure their devices. Often, they are not even aware of the fact that security does not come built-in. Organizations that use or anticipate using IoT need to better understand and plan for the associated risks.
In order to stay on top of the ever-evolving IoT security threats, IoT professionals need to share information and collaborate with their peers. The free distribution of data and knowledge is one of the best defenses that IoT professionals have against hackers, who will continue to evolve their techniques as the technology evolves.
As a result, IoT security solutions, and in particular IoT data encryption, will need to be adaptable, with patches and updates appearing on a regular basis.
There are a variety of IoT devices, from smart coffee makers to heavy construction equipment. Each device is unique, which means the same IoT data encryption solution won’t work on every device.
Almost every IoT device connects to some kind of hub, edge, storage and/or gateway device. This focal point is the perfect location for establishing security controls and encrypting data at rest or in motion. Best practices for IoT data security should include using encryption solutions that adapt based on the type of environment that they’re encrypting.
With IoT devices on the rise, and IoT security threats along with them, you owe it to your organization and your customers to safeguard their sensitive personal information. Employ an intelligent IoT data encryption solution that can adapt to your environment. Learn more about Zettaset’s elastic encryption software, XCrypt, today.