The Internet of Things is Shifting Hackers' Targets

March 11, 2016

Contributor: John Lovelock

Thwarting new threats requires new tools and techniques.

Parents have always worried about their children choking on a small part of a toy, but there are new dangers to worry about with the next generation of toys. Many kids’ toys today are smart toys connected to the home’s network, through which a hacker can gain entry into the family’s home.

Once in control of a toy, a hacker will have access to smart TVs, mobile phones, computers, tablets, gaming systems — literally everything that is connected to the home network. And these devices aren’t always safe. In fact, many of them leverage the cloud for security. The device’s security is also tied to, and reliant on, the security of the manufacturer’s use of cloud and software as a service (SaaS) offerings.

For those thinking this is a far-off scenario, it’s not. There are examples of recent Internet of Things (IoT) breaches, such as compromised dolls, or the VTech data breach that exposed the personal data of 12 million people, including 6.4 million minors. In each of these cases, the privacy of children has been called into question.

New “things” being deployed everywhere are exploding the attack surface. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, growing to 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day. The IoT is creating a tremendous digital business future where interactions between things we wear, touch or utilize become integrated into the digital business fabric. As IoT grows, security risks grow with it.

Many good security tools and techniques are available in the market today, but the new threats can’t be conquered with old tools and techniques. Your new security opponent will be a smart machine, so your new defender must be an algorithm. In the information security market, providers continue to improve their products through greater intelligence awareness, with analytics-focused user interfaces that have the ability to quickly draw parallels between threatening activities, and the use of machine-learning algorithms to classify and detect strange or threatening behaviors.

As the need for enhanced security grows, the security market will experience continued, and relatively strong, growth. Enterprises will continue to grapple with securing cloud and SaaS environments. Many companies have augmented, or are in the process of augmenting, their capabilities to deliver greater cloud and SaaS support.

Business-to-business intelligence sharing is emerging with threat intelligence platforms. These new solutions help simplify collaboration while enabling sharing intelligence about threats. However, the area with the strongest growth is IT outsourcing because many organizations are facing a skills shortage as they deal with the threats within their environments, as well as the compliance risks they face. Regardless of the tight information security resources, they still must properly defend themselves against the rapidly evolving threats.

Discovery of devices, and provisioning new and maintaining security of existing devices will be paramount. Authentication services for emerging IoT devices and protecting the data they interact with will be instrumental. IoT cannot be secured if security management personnel are unaware that the devices are part of the enterprise ecosystem. Protecting endpoints will be very challenging without an automated means to initialize and maintain all the new, diverse devices with secure configurations and security capabilities.    

Experience IT Security and Risk Management conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.