When I asked security experts for their 2017 predictions, ransomware was mentioned more often than anything else. But close on ransomware’s heels were the security concerns surrounding the Internet of Things (IoT). This isn’t surprising, considering the rising popularity of the IoT in both enterprise and consumer settings and with the recent attack caused by the Mirai botnet. However, the predictions regarding IoT security focus vary a lot more than I expected. Here is a sample of those predictions.
Yoel Knoll, VP of Marketing with TopSpin Security, looked at the security issues that are built into IoT devices, discussing that the way the IoT is designed – the need to perform specific functions with low power consumption, minimal CPU cycles, and low memory requirements – prevents onboarding of traditional security tools. Knoll foresees cybercriminals taking advantage of the lack of baked-in security and predicts that in 2017 we will see more attacks against IoT devices, and more security solutions geared toward the IoT market, adding:
Attacks will range from DDOS – such as the attack that hurt Twitter, Amazon and a host of other site which originated from hijacked web-cameras – to more targeted attacks aimed at stealing valuable data by breaking into enterprise IoT devices such as VoIP phones, printers or even employee attendance systems. While the former attacks will no doubt get the headlines, it’s the latter stealing data which will cause the most damage – mainly because this type of attack is extremely difficult to detect.
In a related note, Javvad Malik, security advocate at AlienVault, said we should expect the debate about the need for security in IoT devices to heat up, putting pressure on manufacturers to architect fundamental security principles into the designs of internet-connected products.
Meanwhile, Rajiv Gupta, CEO with Skyhigh Networks, predicted that IoT security concerns will force the United States to take action about hacking, telling me via email:
After incidents affecting critical infrastructure in the Ukraine and New York state this year and the threat of voting machine hacks, the new U.S. administration is on the spot to address cyber espionage. The U.S. managed to reduce Chinese hacking of private sector companies through closed-door diplomacy, but the stakes are much higher with the threat of connected device hacks on the table. On the defensive side, the EU produced legislation requiring minimal cybersecurity capabilities for critical infrastructure, and the U.S. may follow in 2017.
Finally, Eve Maler, VP Innovation & Emerging Technology with ForgeRock, anticipated that the real problem with IoT security will involve personal privacy. She said it is easy to imagine the damage that IoT-based security incidents can do, considering how much our lives have become dependent on the devices to keep our infrastructure up and running. But she added:
For IoT in health care, smart homes and more, however, the consequences are different but no less severe, and a killer requirement comes to the fore: privacy. The most mature part of the IoT security and privacy technology stack comes from its web API heritage, with protocols such as OAuth and OpenID Connect playing a key role. With the FCC tightening privacy rules for broadband providers in the U.S. and the GDPR looming in the EU, the adoption of the OAuth-based consent and delegation standard User-Managed Access (UMA) protocol is likely to accelerate.
I think it is clear: IoT security is going to affect all of us in 2017, both professionally and personally. Will industry and manufacturers step up to the security challenge?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba