georgegrachis
Contributor

The IoT tsunami is coming

Opinion
17 Oct 2018 | 5 mins
Data Privacy, Data and Information Security, Internet of Things

The Internet of Things will change everything, in all sectors...and you'd better have a plan.


I have to admit: I have not been very focused on IoT.

When I hear IoT, I often think about connected homes, cars and security cams.

It’s so much more – and its growth projections are worth noting.

Some recent IoT facts that caught my attention:

  • Global IoT market share is projected to grow from 249 billion in 2018 dollars to 457 billion dollars in 2020
  • $6 trillion will be invested in IoT solutions over the next five years
  • In 2020, 90% of vehicles will be internet connected
  • In 2020, 173.47 million wearable devices will be in use
  • In 2020, smart cities will have a 26% share of IoT
  • In 2020, industrial IoT will have a 24% share of IoT
  • In 2020, connected health will have a 20% share of IoT
  • In 2020, smart homes will have a 14% share of IoT

Source: SC magazine, Oct 2018

What does all of this mean? How will we manage and secure all of these devices? We already stumbled pretty badly moving from mainframes to client-server, connected laptops and smartphones. We simply moved too much data too fast to unsecured devices. See the OPM data breach. The same government that wanted to hurry and get all medical data online could not secure its most prized clearances of its highest-level staff, including military officers and the FBI director.

I like to explain it like this: Early computer systems in the ‘70s were like a castle with one gate in and out. Then client-server came, and it was like an apartment complex with hundreds of doors in and out of the enterprise. Now we’re about to experience a tsunami, a 100-foot tidal wave of IoT devices within every sector.

  • 45% of IoT buyers say concerns about security remain a significant barrier
  • 93% of executives said they would pay more for devices with better security

Source: SC magazine, Oct 2018

Brian Krebs of Krebs on Security recently called out Xiongmai as the technology giant doing the most damage in polluting the web. Xiongmai is a Chinese maker of electronic parts that power cheap digital video recorders and IoT security cameras. These cheap devices have poor default passwords and other security settings. IoT devices are not easily configured, so most consumers just plug and play.

What users of these devices should do instead is plug and pray…as in pray that the device has some standard of security out of the box.

But generally, this simply isn’t the case. In 2016, we witnessed the disruptive power of Mirai, a powerful botnet that choked the internet via cheap IoT cameras and DVRs with poor security settings.

This is just the beginning of just how devastating these IoT devices can be if not properly managed and secured. The time to let manufacturers know that we won’t tolerate substandard cheap devices flooding the internet is now!

This is not so hard for corporations with security departments that know better, but how do we educate our families and friends? Today’s consumers seem to buy anything that appeals to them: the devices are tempting, and fueled with impressive, can’t-say-no marketing techniques.

I believe our government has to step in and set standards of what’s acceptable. If not, we will continue to be flooded with these cheap and destructive devices that will steal our identities, violate our privacy and disrupt our internet connectivity.

Look at the smartphone. What was once a luxury is now the preferred way we all communicate.

I love my AT&T carrier, Apple iPhone XS Max, 7 billion transistors that do 5 trillion operations per second. It’s a great phone, with applications galore and wonderful internet connectivity. If only I could stop all the unsolicited calls that constantly violate my peace and privacy.

Every technological advance can and will be exploited at some point, but if we think before we quickly push devices out into consumers’ and corporations’ hands – if we build security and privacy in to start with – we’ll have a better handle on what can go wrong.

Take medical devices, for instance. Per a recent study by Trend Micro, more than 100,000 medical devices were discovered to be insecure. Think of an infusion pump precisely monitoring the flow of a lifesaving fluid into your loved one. Don’t think it can be hacked and the dosage changed? Think it doesn’t happen? The HIPAA Journal recently featured a study done by Vanderbilt University that suggested healthcare data breaches cause 2,100 deaths a year. Was this IoT related? I don’t know, but the evidence of what can happen with unmanaged, unsecure IoT is powerful and must be addressed.

So, where to now? Want to learn more about IoT? It really applies to everything: medicine, health, transportation, smart cities and smart homes. The excellent book “Internet of Things, for Things and by Things” by Abhik Chaudhuri has my full attention. It’s well written and covers all things IoT.

Those of us in security, privacy, governance and risk management can’t ignore IoT any longer! It’s coming like a tsunami and we better hold on and have a plan.

One thing’s for sure: IoT will change everything, in all sectors!


A senior security and compliance specialist, George Grachis has over 25 years’ experience in the tech sector. Some of his experience includes over a decade supporting the Space Shuttle program for Computer Sciences Corporation & Grumman Aerospace, security management for CFE Federal Credit Union, IT auditing & consulting for Deloitte and serving as Chief Security Officer for Satcom Direct.

George holds both the CISSP and CISA certifications. George received the ISSA Fellow designation in 2016 and is currently an active senior board member of ISSA. George has been interviewed by WFTV ABC TV and Fortune Magazine. When not working he enjoys spending time with family & friends, Big Brothers Big Sisters, playing the drums, motorcycling, fitness, and writing articles for his CSOonline.com blog, Virtual CISO.

The opinions expressed in this blog are those of George Grachis and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.
