IoT security concerns are mounting, even at the government level. The stats are quite alarming too! GetApp labs predicts the number of IoT attacks to increase to 300,000 and to account for more than 30 percent of all cyberattacks in 2019. The global IoT security spend is expected to reach $840 million by 2020 according to Gartner. In the wake of such an alarming situation, it is important to understand IoT security in detail.
Helping us on this front is Michael Fisher, a top tech evangelist who focuses primarily on Cyber Security, Digital Transformation, IoT, Data Science and VR. He works as a Systems Analyst at Whitcraft Group and is a noted guest speaker at top tech events. His accolades are plentiful – ranked #49 among the top influencers in Virtual Reality in 2017, ranked 20 among the top digital transformation influencers in 2018 and one of the top cyber security accounts to follow as per DZone.
So let’s dive right in.
What is the current state of IoT security?
We are going to get challenged with IoT security in the years to come as the growth of IoT devices accelerates. As you might be aware, close 10 billion devices are predicted by 2020. My concern with the cyber security approach in IoT is a lot of the Original Equipment Manufacturers (OEMs) are trying to make IoT devices cheap and fast. They are not focussing their resources on hardening these devices before placing them on the shelf. Hence, we definitely need to consider the approach of isolation and segmentation of networks for hardening these devices.
Where is IoT security headed in the coming years?
Like I mentioned, the OEMs are not taking security into consideration. So we would be going uphill with the number of issues in the near term but as the technology matures, it will get better.
Are companies and people becoming aware of the increasing hacks? Do you think this will slow down the IoT adoption rate?
Back in 2017, we had less exposure to the risks associated with IoT devices but through 2018, I am seeing that companies are more aware of the security threats associated with these devices. It is a great change and I think this trend will move uphill and companies will focus more on cyber security in the years to come. The IoT adoption rate will continue to grow despite these challenges.
Which area would get bulk of the attention in 2019 – device, network or backend security?
As far as device security is concerned, with botnets and other vulnerabilities coming to surface, it will take a while for OEMs to adhere to the security guidelines of IoT devices.
I think we will focus more on network security. According to me, it is the best approach as we need worry too much about whether the device we secured off the shelf is secure or not. We can take the approach from the network side and mitigate those risks.
What are the grave IoT security challenges for 2019 in terms of new methods of hacking and malware?
Cyber criminals would be targeting any kind of IoT device in 2019. Botnets can launch DDoS attacks to take over websites or other public facing services. Security surveillance cameras may be used to monitor confidential departments. There are also concerns around smart home devices such as Alexa and Google Home being used to tap into private conversations of people to use the data against them.
Various parties are involved in bringing IoT solutions to the market – device manufacturers, mobile app developers, IoT service providers and retailers. What should be the steps taken by them to ensure IoT security?
Firstly, they need to raise awareness on the security issues. They need to keep their firmware up to date and make sure their devices are hardened with enforcing password changes when users first log in. They need to make sure that they use secure protocols and continuously provide firmware updates to devices, preferably on an automated basis. They should also provide educational materials to users with recommendations on how to secure their devices.
Do you think tackling breaches is daunting when it comes to IIoT due to the massive scale of edge devices involved that span wide networks?
Not necessarily. It just comes down to planning and implementation. The issue is that a lot of people unfortunately do not have the time and expertise to accomplish network isolation and segmentation. But as we raise awareness, people will be more thoughtful of the security breaches when proceeding to deployment. This way, we might encounter less of these in future.
According to you, what would be the hot technologies in the IoT security space for 2019?
I think Multi-Factor Authentication will be hot, the use of combination of passwords and a device will be a good drive. I see that there are government regulations around this. People are also leaning slightly more towards badges or any kind of PKI related technology that can be used with IoT.
Do you think emerging technologies such as AI and Blockchain have a role to play in IoT security?
Artificial Intelligence will surely have a role to play in cyber security. We are going to see more automated and smart attacks where they can explore networks and learn data about these networks. To be able to crack an AI attack, we need to use AI ourselves to mitigate the attack. I see AI playing a significant role in cyber security across all industries in future.
With Blockchain it is hard to say. It is a slow technology. But if we implement it in a certain way, change different methods of how Blockchain is being used, it could be used to secure networks.
Do you think the government would be playing a major role in ensuring security?
I don’t think they would be leading the drive. They are trying to start the initiative but there should be viable technology for companies to purchase and implement it. But I believe that we will see more of that come along the way in 2019.