Has the security of connected devices fallen behind?
Security of the world of connected devices in a few figures
Understanding the increase in security expenditure in the world of connected devices: +28% in 2018, can be interpreted in different ways. First of all, this significant growth emphasizes the global boom in this market. Some are forecasting that more than 40 billion connected devices are on the horizon for 2020, making it logical that the pace of investment in securing them is very high. According to Gartner, in excess of 1.5 billion dollars will be spent this year compared to 1.2 billion last year, rising to 2.5 billion for 2020. This is not surprising according to analysts, since IoT developers uncover security defects and weaknesses beltaedly, instead of anticipating them upstream. “Organizations often have no control over the source and nature of the software and hardware used by connected smart devices,” says Ruggero Contu, Research Director at Gartner.
IoT: two markets in parallel
Two parallel markets have therefore emerged: that of hackers and malware (called ransomware) and that of software that can block or immunize targeted connected devices. Companies that develop these machines often have little knowledge of software or terminals that allow the collection and transmission of data from a smart device. We understand then that difficulties arise relative to product launches and attempted attacks by the infamous hackers.
A worrying security
A survey conducted by Vason Bourne for Trend Micro, with more than 1,000 IT and security executives, revealed that 43% of respondents think of security after product development. Only a third (or thereabouts) of respondents assign a security team to an IoT project, be it for a smart factory or an energy project. This figure drops to 30% when it comes to accessory projects. However, these managers are aware of the danger, with 63% of them believing that it has increased rapidly over the past year. In addition, the main flaws are found in relation to the personal data of users that could be stolen or used fraudulently. According to these same managers, this is the major risk (loss of confidence and therefore a loss of customers), cited even before the financial risk for the company.
So, why this delay and how can it be addressed?
It seems that this kind of problem is inherent to any industrial project, the development of the product often overshadowing usage security. Nowadays, recommendations are based on the difficulties and risks from the beginning of an IoT project, but also on the careful examination of the network structure ahead of the project.
We can now envisage a new world of security, coming from either passive or corrective action, and which is moving towards security by design. Spending nearly a billion to outsource the handling of security issues to “specialized professionals” is undoubtedly a sign that integrated solutions at the heart of research and development teams must now be favoured in order to limit delay and make way for growth with greater peace of mind.
To read on the same subject: IoT: must we choose between data and security?