The Internet of Things (IoT) is estimated to grow into a $600 billion industry by 2019, however growing security risks could undermine its business opportunities. In a survey conducted by Capgemini Consulting, 71% of the respondents agreed that security concerns will influence customers’ purchase decisions for IoT products.
As the IoT continues to grow, internet enabled systems will become an increasingly attractive target for cyber attacks. Last year hackers gained access to US retail chain Target’s networks through Internet-enabled heating, ventilation and air-conditioning systems, which led to the theft of 40 million credit card numbers.
Among industry segments, home automation and medical device manufacturers reported the lowest levels of resilience to cyber attacks. Despite the consumer IoT market expected to make up just 10% of the overall industry by the end of the decade, it’s particularly worrying considering that there are expected to be over 19 million connected medical devices by 2018.
Reasons organizations are lagging behind in securing IoT products:
- IoT systems present multiple points of vulnerability – the product, the embedded software and the data residing within the system. While securing all these surfaces is a major challenge for organizations, there’s also a need to secure data centres and communication channels.
- Connected devices need to be updated regularly to safeguard them from threats. Despite this almost obvious threat mitigation procedure, the survey shows only 49% of organizations provide remote updates for their IoT devices.
- Security is not yet the core focus during the IoT product development process. To cash in on the first mover advantage, organizations often prioritize speed-to-market over security. Only 48% of companies focus on securing their IoT products from the beginning of the product development phase.
- Organizations aren’t focusing on acquiring specialized security skills for their IoT products. 35% of respondents in the survey cited the shortage of specialized security experts in their organizations as a key challenge to securing IoT products.
- Few organizations are taking proactive steps to strengthen security by partnering with, or acquiring, specialized security firms. The research reveales that only 35% of companies are partnering with specialized security firms and only 19% are acquiring specialized security firms as part of their IoT security strategy.
How to make security the core of all IoT development:
- Organizations should setup integrated teams for IoT product development which include business executives as well as security experts.
- Risk analysis should be part of the IoT business plan so that product development and launch are based on strong understanding of the risks
- A significant number of software vulnerabilities can be addressed by adopting secure coding standards and best practices