The rise of connected devices in the age of the Internet of Things (IoT) has transformed how businesses approach operations.
In practice, the IoT has become more cost effective and easier to deploy, and as a result it is driving a fundamental shift in business models.
There are a number of problems with ushering in the era of the IoT, however, which all centre on the security capabilities of the connected system.
In recent years there has been a spate of high-profile hacks that organisations have been powerless to defend against. A data breach in the IoT age would have far more damaging and far-reaching consequences.
Despite this growing danger, the IoT is inevitable. There will be north of 20 billion connected devices by 2020 – smart houses, smart workspaces, smart transport and smart cities are all around the corner, and the groundwork is being laid now.
The onus, therefore, will be on cyber security companies and IT teams to develop effective, resilient and capable countermeasures to prevent increased security vulnerabilities.
‘The IoT represents the constantly growing universe of sensors and devices that create a flood of granular data about our world,’ says Steve Matthews, IoT practice director at Teradata.
‘The “things” include everything from environmental sensors monitoring weather or energy usage to “smart” household appliances, telemetry from vehicles and production lines. Devices of all types are moving online and connecting.’
Access to new, never-before-seen data is possible by electronically labelling everyday objects. Tracking these objects, combined with access to this ‘new’ data is gold dust for businesses seeking to identify both current and future consumer trends.
The IoT provides the ultimate market research, and it goes so far beyond that. It can connect humans to machine intelligence, from unmanned military surveillance technologies to automated factories, anywhere, anytime.
Despite the meteoric rise of the IoT, it is still in its early adoption stage, and there is a lot more to come.
In his book The Internet of Things, Samuel Greengard calls it ‘the second wave of a powerful digital revolution that began with the widespread adoption of computers in the 1970s and 1980s’.
However, before society becomes completely automated and totally self-driven, a looming problem must be solved: security.
‘Ensuring digital trust in the IoT era is critical to its ongoing success,’ comments Eve Maler, VP of innovation and emerging technology at ForgeRock.
Total connectivity, where no movement goes unnoticed, highlights rapidly growing security risks and privacy concerns.
As the IoT progresses, new regulation and security systems will have to be adopted and embraced by organisations.
Adapting to change
Most importantly for businesses, they must understand every aspect of devices connected to the IoT.
‘You can’t begin to secure what you don’t know about,’ remarks Kevin Bocek, chief security strategist at Venafi.
A strong security plan must be drawn up, tested and applied by businesses in order to protect consumer privacy, and indeed safety, in the IoT age.
‘Businesses that make use of connected devices to offer services to consumers need to ensure that they have systems and processes in place to protect the consumer data they are storing, whether it’s on the device itself, in transit or stored in the cloud,’ suggests Neil Cook, chief security architect at Open-Xchange.
Data needs to be protected using strong encryptions. Privacy leaks, arguably, are the least of the consumer’s concerns. As the IoT begins to infiltrate into an expansive range of everyday objects in different sectors, the dangers it poses significantly increase.
Recent news surrounding Ford’s plan to mass-produce driverless cars by 2021 has obvious security connotations.
The biggest security concern raised by the IoT is what happens when hackers are able to intercept device communications – like driverless cars – and send through dangerous commands, comments Bocek.
He uses the example of medicinal dosage systems: ‘If a hacker was to intercept traffic between the dosage tracker and a trusted communications network, they could make the device relay lethal dosages of medication to a patient.’
The future implications of underestimating the security vulnerabilities of the IoT can quickly shift from leaking potentially compromising data to the balance between life and death.
It is important, however, to make the distinction between now and the future. ‘Currently,’ remarks Steve Mulhearn, director of enhanced technologies, UKI and DACH at Fortinet, ‘we are only aware of relatively few real-life threats that have originated from the Internet of Things’.
Cyber security vs. cybercrime
The Oxford online dictionary provides a telling example sentence in relation to the IoT: ‘If one thing can prevent the Internet of Things from transforming the way we live and work, it will be a breakdown in security.’
The expansion of the IoT will present infinitely more opportunities for hackers to invade smart devices and systems, from the fire alarms in your office to, more worryingly, air traffic control centres.
‘Moving forward, segmentation will be [necessary] to limit the propagation and persistence of any attack,’ comments Mulhearn. ‘You wouldn’t, for example, have connected vending machines accessible to the same part of the network as employee records.’
At the moment, the increasing frequency and variety of cyber attacks are bamboozling cyber security systems.
There have recently been spates of high-profile hacking scandals targeting personal data. Yahoo, Sony, VTech, TalkTalk and the Australian Bureau of Statistics are just some of the organisations exposed by cyber security breaches.
It would seem that they are woefully outgunned.
>See also: The unrealised impact of IoT
There are, however, accessible solutions that can stem the tide.
Sharing cyber threat intelligence is an effective method that is not deployed enough. A more advanced approach that businesses can explore, expand and develop is the integration of artificial intelligence (AI) into current security systems.
‘AI-based cyber security is truly a sea change in the security industry,’ says DB Networks’ chairman and CEO Brett Helm. ‘AI enables us to quickly and accurately identify cyber attacks in progress.’
In the future, the output from AI will ‘drive autonomous cyber security technologies that not only block attacks but also automatically heal the vulnerabilities’.
This way, security systems would not have to be built from the ground up to accommodate the IoT, but rather have AI technology integrated into them.
The digital battlefield, regardless, will be very much alive.
Risk vs. reward
So the question that should be addressed centres on whether the benefits of IoT outweigh the potential risks of being fully connected.
Darren Anstee, chief security technologist at Arbor Networks, recognises the significant benefits that the IoT can bring to business.
‘However, the gains can pale into insignificance if we inadvertently open up an easy route onto the network, and potentially to your business IP and customer data, for the bad guys out there,’ he warns.
The benefits for businesses are significant in understanding consumer behaviour and in gathering information.
The ‘new’ data referred to earlier will enable manufacturers to change the way that devices are designed, upgraded and restored.
‘The result,’ according to Matthews, ‘will not just be greater efficiency but entirely new functionality and levels of service.’
>See also: Internet of Things: a retail perspective
Like security, however, the way all this big data is processed will have to be upgraded in order to make sense of it. In this case, the ‘Analytics of Things’ or the implementation of data lakes are worthwhile solutions to pursue.
The rate at which the IoT is expanding is undeniable. Regardless of the security implications or analytic shortcomings, integration of the IoT is going to explode at a phenomenal rate.
Analyst firm Gartner predicted last year that 20.8 billion devices will be connected by 2020, up from 4.9 billion in 2015.
It predicted that 6.4 billion connected things would be in use worldwide this year, up 30% from 2015, and that 5.5 million new things will be connected every day.
Gartner estimates that the Internet of Things will support total services spending of $235 billion in 2016, up 22% from 2015, while the use of connected things in the enterprise will see $868 billion in 2016.
Now these are a lot of big figures, and the major factor behind them is the customer, or consumer. The appeal of the IoT – increased efficiency, productivity, satisfaction and environmental benefits – to the customer, and indeed businesses, cannot be underestimated.
‘Aside from connected cars, consumer users will continue to account for the greatest number of connected things,’ says Jim Tully, vice president at Gartner.
The user implications are so great, and so desired by the consumer, that CIOs and IT departments will have no choice. Security and analytics systems will simply have to evolve at the same rate as the Internet of Things expands.