The Line Between Conventional IT and IoT is Blurring Quickly

The Internet of Things (IoT) is set to overtake mobile phones as the largest category of connected device by 2018, as per the latest Ericsson Mobility Report. Of the 28 billion total devices that will be connected by 2021, nearly 16 billion will be IoT devices. It further states that between 2015 and 2021, the number of IoT connected devices is expected to grow 23% annually.

This thriving growth in IoT devices is fueling the booming IoT market. But, at the same time one cannot escape the reality that these devices are also significantly expanding the attack surface. In fact, IoT devices are more accessible to malicious threat actors. “While IoT driven technology is a boon and a great move in the right direction, it does indeed, open whole new avenues of attacks and undesirable activity. Its security is as much an area of concern as its utility value,” says Jaspreet Singh, Partner – Information Security, EY.

One of the reasons for this could be that the companies producing the IoT devices are mostly startups, which can't bear the cost of an army of security experts and white hats to ensure secure deployments. Another reason is that many of these IoT devices are by-design inexpensive to manufacture, which means companies are less likely spend more dollars on securing them. Thus, commodity pricing places an enormous strain on security engineering and maintenance of IoT devices.

However, leaving them non-secured is really not an option, especially when they’re going to be an integral part of critical systems such as traffic management, hospital and healthcare management, etc.

Singh points out that usually there are two aspects to securing such sensors – physical and logical. Cost of physical hardening of the devices can easily be absorbed over time in mass production; logical security is a vital aspect where the IoT designers will need closer collaboration with cybersecurity players.

Manufacturers of IoT devices are advised to leverage expertise of industry experts like Ernst & Young to help them firm up their security. In fact, the consulting major has well established vulnerability testing offerings that can be well adapted to assess issues with IoT elements.

Standards bodies will have a critical role to play in the arena of IoT security. So far, almost all the devices generate minimal amounts of security/access activity logs. Furthermore, there is no standardization or uniformity in these logs, thereby, rendering them rather difficult to work with in modern (IT centric) event monitoring systems. Advent of standardized logs with emphasis on notifying events of anomalous behavior in this area would be a great step forward towards securing such systems.

Singh envisages the line between conventional IT and IoT blurring very quickly in the near future. “The next generation of event monitoring and other security tools will certainly recognize the import of and account for IoT centric attacks. Correlating of information from IT and IoT elements is (practically) around the corner,” he concludes.

Categories: Internet of Things

About Author

Orange Themes

Rahul Neel Mani

Rahul Neel Mani is the Co-founder and Editor of Grey Head Media. Rahul has nearly 20 years of experience in ...

Read more

Write a Comment

Your e-mail address will not be published.
Required fields are marked*


Recent Comments