Are we on the edge of an explosion of the Internet of Things (IoT)? It appears so, and it seems like organizations are serious about securing the IoT, according to new Gartner research. According to ZDNet, Gartner predicts that:
global spending on security for the Internet of Things (IoT) will reach $348 million this year, a 23.7 percent increase from last year's $281.5 million spend.
As the IoT gains momentum, Gartner expects the 2017 worldwide spend to fall just shy of $434 million, whilst the 2018 predicted spend is $547 million.
It sounds like a lot of money, but Gartner says that this is a drop in the bucket when you compare it to overall security spending. The analyst group also predicts that in the next four years, a quarter of all attacks will target the IoT, well out-gaining the percentage of security dollars budgeted for IoT security.
Where will the bulk of enterprise IoT security threats be? According to new research from Spiceworks, expect that threat to be coming primarily from wearable technologies. The majority of IT professionals said their greatest IoT security concern is wearables, followed by video equipment.
However, the study also found that while the vast majority of IT professionals (90 percent) worry about IoT security, only a third are actively doing anything to mitigate potential threats – and this corresponds nicely with the Gartner results in that the concern is there but the action to prevent attacks lags behind.
Other studies show that the concern is well-founded: HP Fortify found that 100% of the smartwatches that it tested contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.
And if IT and security pros didn’t have enough worry with BYOD issues, wearables necessitate another layer of security policies and actions for employee-owned devices, according to FierceMobileIT:
Enterprise IoT devices aren't the only reason IT pros should worry, as Andrew Hay, CISO of DataGravity, told FierceMobileIT at the RSA conference this year. Workers are bringing consumer-grade IoT devices into enterprise environments, too. In other words, IT pros don't have a choice at this point but to seriously consider security measures for IoT.
They don’t have a choice, but will we actually see improved security for wearables and the IoT? That’s the real question, and only time will tell if there is an answer. I suspect that steps will be taken when we hear about our first major attacks via wearables. Until then, we’ll stay at the security status quo.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba