Virtualization Technology News and Information
Thales eSecurity 2018 Predictions: The Proliferation of IoT Devices will Lead to More Data Breaches in 2018

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by John Grimm, senior director of security strategy, Thales eSecurity

The proliferation of IoT devices will lead to more data breaches in 2018

The proliferation of IoT devices and technology provides new and transformative opportunities for business and industry alike, connecting everyday objects in order to collect and analyse data. At the end of 2017, Gartner predicts that 8.4 billion connected devices will be in use worldwide. That number is up 31 percent from 2016 and is predicted to reach 20.4 billion by 2020. But as with any type of rising technology, its growth and development comes with challenges. As the number of connected devices continues to increase, so too will the volume and variety of vulnerabilities that they are laced with, not to mention the potential impact these could have if exploited.

Here are some security-related IoT predictions for the coming year.

The changing face of vulnerabilities

  • Recent vulnerabilities have been discovered that are bigger and more impactful than ever before, i.e. attacks on Controller Area Networks (CAN Bus) systems, which are found in all modern cars and can interrupt vehicle safety functions. Rather than being based on specific products or specific vendors, these vulnerabilities are something bigger, and more wide-ranging. Some products that have been around for years are now facing the discovery of lurking vulnerabilities, which is causing us to question trust in established products as well as new ones.

Acceleration of consolidation

  • The number of IoT products and platforms is huge and growing, as well as the number of security bodies, initiatives and standards that are coming out. It is inevitable that we'll begin to see consolidation and standardization, particularly around IoT platforms, with over 300-400 different platform products available now. As the market matures, the shake-out will begin.

Safety and security as one

  • As we look at the IoT, especially at Operational Technology (OT) type environments and manufacturing plants, where there are industrial systems that are all connected, we're starting to see how the operational world and the traditional IT world will come together. We will see continued merging of traditional safety (e.g. safety of employees) and IT security. And the more connected devices we see, the more prevalent this integration will become.

Focus on consumers

  • We will continue to see product manufacturers, particularly on the consumer side, delivering either no security or very poorly implemented security. Consumer awareness of security issues around the IoT will start to increase, but probably not enough to impact their buying behavior. Consumers are driven by cool features and low cost, and security isn't going to stop most of them from buying those products just yet - but the same people that enjoy turning lights on or ordering pizza from their couch might start thinking a little more about the privacy of the other things they say around their smart home devices.
  • On the other hand, product manufacturers that chose to invest more in security (either consumer or enterprise), will learn that it's harder than they think. Encryption is easy - there's plenty of open source code out there, as well as guidance on good algorithms and key lengths to choose - but doing it well (protecting the key, separating it from the data it protects, and managing it throughout its lifecycle) is another story. Expertise in this area is in short supply and great demand. We will continue to see even the well-intentioned people who are trying to build in security stumble, leaving vulnerabilities that can lead to unfortunate consequences.

Analytics tools

  • The exciting tools in IoT right now are the analytics tools that try to make sense of all the data, and the visualization tools that try to bring that analysis to life. Vendors of these solutions are seeing their prospects and customers ask harder questions about data protection. After all, if the data can't be trusted, any effort and resources expended on collecting it, managing it, and analyzing it is wasted. Expect the pendulum to swing to put more focus on device identification and authentication, and data protection from the point of collection all the way through intermediate and final points of collection.

Along with all the challenges in the IoT comes great potential. Those that can harness it and use it as a competitive advantage stand to position themselves for big wins. And those that see that security can truly be an enabler might just be the ones to start to separate themselves from the pack.


About the Author

John Grimm 

John Grimm, senior director of security strategy, Thales eSecurity

John has extensive knowledge of the cybersecurity market with a particular interest in cloud security and the internet of things (IoT) and is responsible for security strategy at Thales eSecurity. He has more than 25 years of experience in the information security field, starting as a systems and firmware engineer building secure cryptographic key distribution systems for government applications, and progressing through product management, solution development, and marketing leadership roles. He received his bachelor's degree in electrical engineering from Worcester Polytechnic Institute in Worcester, Mass., and is a member of Tau Beta Pi, the engineering honor society.

Published Thursday, January 11, 2018 7:09 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2018>