The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address.
“There is no doubt the levels of risk are set to increase alongside the growth in deployment of IoT devices,” says Ruggero Contu, research director at Gartner. IoT will introduce thousands of new threat vectors simply by increasing the number of networked points, Contu says.
While IoT offers great opportunities, in interconnected environments “the security risks increase exponentially and the attack vector or surface is—in theory—potentially limitless,” says Laura DiDio, director enterprise research, Systems Research & Consulting at Strategy Analytics.
“Additionally, the burden on IT departments is much more onerous,” DiDio says. “They have much, much more to track.” Endpoint or perimeter security is the focal point of a lot of attention and with good reason, DiDio says, because it’s the first line of defense and takes the brunt of the full frontal assault.
[ ALSO ON CSO: Security and the Internet of Things – are we repeating history? ]
“That said, it is not the only vulnerable point in the IoT infrastructure,” DiDio says. In fact, in IoT environments where every thing and increasingly every person will be interconnected, careless end users constitute the biggest security threat to their organization’s IoT networks, according to Strategy Analytics 2016 survey data.
Not surprisingly, IoT security spending is on the rise. Gartner in an April 2016 report said worldwide spending on IoT security will reach $348 million in 2016, a 24 percent increase from 2015 spending of $281.5 million. And spending on IoT security is expected to reach $547 million in 2018.
Gartner predicts that IoT security market spending will increase at a faster rate after 2020, as improved skills, organizational change and more scalable service options improve execution.
The market is growing as both consumers and businesses start using connected devices in ever greater numbers, the firm says. Gartner has forecast that 6.4 billion connected things will be in use worldwide this year, up 30% from 2015, and will reach 11.4 billion by 2018.
The firm predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.
Security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT and the decentralized approach to early IoT implementations in organizations, Gartner says. The effort to secure IoT is expected to focus more on the management, analytics and provisioning of devices and their data. And by 2020, Gartner predicts that more than half of all IoT implementations will use some form of cloud-based security service.
Sign up for Computerworld eNewsletters.