As we become increasingly dependent on smart technology and the internet of things, IoT security is becoming a very hot topic. In the past, the average person wasn’t all that fearful of computer viruses because they couldn’t lead to any physical harm.
Unfortunately, the IoT has completely changed that paradigm. Today with our smart homes and smart cars specifically, computer viruses and malware have the potential to cause serious physical harm.
This informative post on Wired about the “Jeep Hackers” shows just how important IoT security has become. Curious as to what the cyber security industry is doing to solve that issue, we asked a group of industry experts…
What’s The Future Of Iot Security?
Their answers should leave you feeling a bit better…
Jonathan Penn, Director of Strategy at Avast
“IoT security will see many interesting developments arise from the connectedness and automation of devices and systems. These developments include new forms of authentication, more dynamic authorization, and improvements in behavior analysis at the machine and system level to detect indicators of threats.
AI will power these enhancements, as well as new self-defense mechanisms. But security is in large part about the unknown, and begs humility in recognizing our limitations to predict and prevent all unknowns. They say, Those who fail to learn from history are doomed to repeat it.
Some people think we have learned how to make systems completely secure, and that the IoT can avoid the issues plaguing the Internet today. But we should discount such optimism as unwarranted, and even dangerous in creating complacency. The real take-away is that attacks are inevitable. In 10-15 years, expect IoT security to be something that we still talk about.”
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools
“Any unsecured web-connected device could give cybercriminals an access point to the “backbone” of a home’s computer network, and lead to the compromising of more important devices.
IoT organizations will begin to hire professional security practitioners to be able to help them understand that it’s not just a surface risk, it’s not just the fact that private information might be leaking out online, etc., but it’s also possibly a larger risk to consumers’ homes.”
Carl Herberger, VP of security at Radware
“IoT cybersecurity will only continue to grow in relevance as consumers and businesses replace old products with new, connected devices and gadgets. Seemingly every day a new IoT device is introduced to the market, and with it, a new target for hackers. Over the past 12 months, we have seen hackers leverage security vulnerabilities in connected devices to stage massive cyber-attacks and we are beginning to see a surge in ransom attacks directly on IoT devices.
These hacks have demonstrated the consequences of lacking, or even non-existent, security in place in IoT devices and research and events have shown that devices ranging from pacemakers to thermometers to connected automobiles are all hackable.
IoT cybersecurity is still catching up to the rapid development of connected devices, but until manufacturers, service providers, the government, and all involved parties directly address the inherit security issue, it will only get worse.”
Andrew Newman , CEO and Founder of Reason Software Company
“IoT security suffers today because the industry currently has many non-standard communication protocols, making security for these devices incredibly complex.
Within the next 10 years, the greatest security advancements will be in endpoint security monitoring, analytics and analysis through the use of machine learning and AI to detect attack vectors and patterns in IoT communication protocols.
While there is an expected shift toward endpoint firewalls within businesses, there will also be an increase in endpoint firewalls for home monitoring that are adapting to detecting and prevent intrusions of IoT devices and the networks they are on.
Additionally, we will see vendors begin using hardware and software that adheres to standardized practices, including better encryption and device to device authentication.”
Phil Richards, CISO at Ivanti
“As we see IoT adoption and expand into new markets, new products and new services; security will become an increasingly larger component of these tools.
In order to avoid risk manufacturers will add patching and application whitelisting to their utilities. You will be able to update the digital certificate of your lightbulb, create a VLAN for your baby monitor, and patch your toaster.
Vendors will continue to reduce the risk of their products on a hostile internet. Additionally, security features on these products will become selling points to a discriminating marketplace.”
Brian Geisel, CEO of Geisel Software
“In 10 years, we’re going to see security in the IoT mature, much as we’ve seen the networked PC do over the past 15 years. By that point, security will actually be one of the key points used by product reviewers for devices.
Over the next 10 years the IoT will start to develop distinct segments, each of which will end up with its own security solutions. For example, wearables may see some standardization around encrypted updates via Bluetooth, while the connected home may develop its own set of solutions.
There’s no doubt that unanticipated markets will emerge in the IoT over the next 10 years, but we can be equally as sure that device security will mature and stabilize significantly.”
Armin Ebrahimi, Founder & CEO of ShoCard
“We are currently at the point of maximum IoT vulnerability. According to a study from Gartner, the amount of IOT devices will reach at least 21 billion by 2020.
But it’s worth pointing out that the security risk is not a device issue. A device can still get into the hands of a cyber criminal, and there is no such thing as a ‘hack-proof’ device. Therefore to minimise enterprise vulnerability we need to focus on identifying and validating the user.
By putting in place a blockchain-based universal digital identity ecosystem, we can eliminate users gaining access through their device with just a user name and password, and instead invert identity validation to be controlled by the user and authorized via trusted four factor authentication.
Hagai Feiner, CEO of Access Networks
“As IoT devices become more common in homes, security will need to be at the forefront of product design. IoT device manufacturers need to address the primary vulnerabilities within their operating systems (OS) and applications (apps).
This can be done by providing the framework to constantly update the OS and/or app of the IoT device just like we do today for PCs. Manufacturers can also add security measures into their IoT devices like a firewall, IDS/IPS or Antimalware, which will automatically update itself to protect against the newest threats.
And finally, it is always best to lockdown access to any/all IoT devices by placing them on a secure network. To assure the confidentiality and integrity of the data between the IoT device and the control ecosystem or the cloud, IoT devices will need to use centrally managed digital certificates and hardware-based security modules to protect the digital certificate keys.”
Chris Piggott , Co-Founder of Synextra
“In 10 years, IoT will be just another part of the greater AI puzzle. We expect devices to be empowered by Big Data-powered AI, with smart features such as ‘user-profiling’ across multiple devices.
They’ll be smart enough to tell who is using a particular device at any given time and then follow them when they switch devices. They will be able to gather and analyse our usage habits from a plethora of IoT devices—to create user personas—which will aid in detecting and stopping suspicious activity.
For instance, your PC will know when you’ve left your desk to make a coffee that you requested on your Nespresso app, so that any activity on your unattended computer should be heavily moderated until you return.
With the rise of remote working, BYOD, Hosted Desktop and hot-desking, this will be imperative to secure our ever more connected workspaces.”
George Tatar, Founder and CEO of Akruto, Inc.
“This year would be the first year when the number of IoT devices would outnumber the world’s population. With this dramatic increase in consumer segment, IoT devices, such as Amazon Echo and Apple’s HomeKit initiative, will soon turn each common device into a smart device.
Despite this enormous number of smart devices constantly connected to the Internet, we see very poor cybersecurity level in most devices. This turns IoT devices into a dangerous weapon, capable of causing 1 Tbps attacks for days.
Looking into the state of IoT cybersecurity 10 years from now, my prediction is that it would be based on cloud solutions and neural networks, and would detect, analyze, and prevent cybersecurity threats in a real-time mode. I also expect major cybersecurity companies to switch to developing IoT security solutions, in many cases partnering with significant IoT vendors, as this niche is far from being crowded and lacks consolidated efforts to fight cybercrimes.”
Matt Kozloski, VP of Professional Services at Kelser Corporation
“As the number of sensors watching and interacting with our lives increases over the next 10-15 years, we’re going to need OSHA-like regulations for the security of these devices, from their development to integration and use.
Strict government regulation on device security–just like we have for things like drinking water and occupational safety today–would be a big shift from the self-regulated environment we have now.
However, as everything from manufacturing and hospitals, to hotels and cars begin collecting, synthesizing, and using a great deal of data automatically through connected devices, the risk posed by hackers will become too great not to formalize security requirements.
The supply chain of prescription medication, for instance, is highly regulated today. When hospitals rely more fully on data services provided by IoT to monitor and provide lifesaving medicine, the security of those devices becomes no less a matter of public health than ensuring that pharmacists and anesthesiologists are qualified.”