We may have a big problem.
Steve Morgan, the founder and CEO of Cybersecurity Ventures, used Dark Reading as a platform for estimating the cost of securing the emerging, pervasive IoT network. He cites Gartner numbers suggesting that there will be 6.4 billion IoT endpoints this year. He then cites MarketsandMarkets, which suggests that the IoT security market last year was $6.89 billion.
Rounding things off, securing the IoT, or attempting to do so, since the possibility exists that it is a fruitless task at any price, will cost, as Morgan puts it, “$1-per-thing.”
This won’t work. The first thing to keep in mind is that the IoT is growing faster than a Powerball jackpot. Morgan points out that the same Gartner research predicts more than a tripling of IoT devices by 2020, for a total of 20.8 billion. The MarketsandMarkets Research says that the security market will grow to $28.90 billion by the same year. That’s a compound annual growth rate (CAGR) of 33.2 percent. The very rough $1-per-thing figure stands.
That big increase may be due to the fact that there might not be many economies of scale in the security picture. Granted, many brilliant people are working on the problem. The fact remains, though, that the security on current IoT devices is stripped down and basic. It is not likely that chip integration or some major breakthrough will radically lower hardware and software costs. They may go down – hardware and software prices always do – but not radically.
Secondly, millions of devices are already are in the field. If their security must be changed and upgraded, it will cost a lot of money to reach them. To some extent, isolating hard or impossible to reach IoT devices in some sort of cordoned-off subnetwork is an approach. But it sounds neither cheap nor foolproof.
This is not academic. ITProPortal posted a story this week about a warning from Vectra Networks that points to the possibility that everyday items, such as Web-based Wi-Fi baby monitors, can be taken over to be used by crackers:
Turning an IoT device into a backdoor essentially gives hackers 24×7 access to an organisation’s network without needing to infect a laptop, workstation or server, all of which are usually under high scrutiny by firewalls, intrusion prevention systems and malware sandboxes, and typically run antivirus software that is updated regularly.
Security fears continue to grow. The uncomfortable feeling that every connected device is a potential welcome mat to crackers and crooks isn’t neurotic. It’s reasonable. People are citing it as a reason to stay away from the IoT (to the extent it’s possible to do so). CNET’s Roger Cheng pointed to research that showed that people are paying attention to IoT security concerns:
A study conducted in November by Accenture found that nearly half the respondents cited security concerns and privacy risks among the top three reasons they would stay away from Internet of Things devices and services, ranging from smartwatches to connected home thermostats. The survey, released last week, involved 28,000 respondents from 28 countries.
The IoT is becoming part of everybody’s life. It’s unavoidable. However, folks who proactively steer clear can reduce their exposure significantly. If this happens, the market will level off – and that $1-per-thing price tag will become increasingly prohibitive.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.