There are many reasons – some subtle and some overt – that explain why security professionals wake up in a cold sweat from time to time. The bottom lines are simple: The IoT has permeated deeply within everyday life, it won’t be easy to secure and the clock is ticking.
The most obvious element is that the IoT is ubiquitous, and crackers (malevolent hackers; some hackers are good and others neutral) set loose in the IoT world can do massive amounts of damage. Since the IoT potentially is everywhere – in Fitbits, the electric grid, cars, medical equipment, factory floors, the utility infrastructure and, well, you name it – the threat of hacking is ominous. The potential for mayhem is endless and is happening today: From hacking a car
, taking over baby monitors
to hacking into utility grids
That’s the obvious challenge. The lesser known bookend is that it’s hard, if not impossible, to secure all the sensors and endpoints of the IoT. This will be true even if a consensus does emerge that it’s an important thing to do and reasonable funding is made available.
There are a few reasons for this. At the end of the day, they come down to what most things in business come down to: time and money. Truly protecting the IoT would drive up costs in a landscape in which endpoint and sensor devices must be very inexpensive (there will be, after all, billions and billions of them
). They need to use almost no power and they often need to be put in inaccessible places. All three properties of sensors make adding a layer of security a big deal.
Layered on top of these issues is the fact that the bad guys are energized. Indeed, times have changed. At one point, people causing problems most often were isolated and disorganized lone wolves looking for a quick payday, trying to prove their abilities or make a political or social statement. Now, they are highly disciplined organized crime groups and multinationals. That means there’s little room for error: Vital information stolen today is sold on well-run and sophisticated markets. Crackers have gone corporate. And, just like any entrepreneur, they see new markets and rush to expand before the competition beats them to it.
No wonder security experts want to hide under a bed
. Amid all those factors is the thought that not enough is being done. TechCrunch last month suggested that “experts agree that security is not only an afterthought, but often is actively resisted and circumvented.”
IoT security has the feel of the beginning of a summer horror flick: People are going about their business, oblivious to the intensely frightening things that are about to befall them. In the case of the IoT, it’s a recipe for disaster: People and institutions are willingly – indeed, in most case unknowingly – ceding vital information and deep control of their lives to the IoT. At the same time, there are substantial obstacles to putting a system in place that can protect that data and access. Finally, even when alerted to the dangers, people seem to be more or less shrugging their shoulders.
All is not lost, however. Going forward, experts suggest that security steps must be built into IoT devices and systems instead of bolted on later. Indeed, the IoT security market is growing quickly. A report from MarketsandMarkets says that the IoT security market is expected to grow at a compound annual growth rate (CAGR) of 36.1% between this year and 2021
. That growth – gaining more than a third in size per year for five years – will push value from $7.9 billion to $36.95 billion. That provides at least some basis to think that smart people are hard at work on the problem. Hopefully, that’s true – and the systems and technology they are developing will be deployed widely.