[BreachExchange] IoT Investment in Light of Security: Is It a Risky Proposition?

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 10 20:01:34 EDT 2017


http://www.econmatters.com/2017/08/iot-investment-in-
light-of-security-is.html

News of a proposed US bill that would legally secure the ever-expanding
Internet of Things (IoT) has once again raised the issue of its potential
and, moreover, its potential value. Tech experts have been espousing the
value of IoT for the last five years, but insiders have also long warned us
about its dangers.

Indeed, it's possible to go back to a 2014 article by The Guardian's Tom
Brewster in which he points out that many early players in the IoT weren't
taking a "security-by-design" approach. At that time, Brewster lamented
over the control area network (CAN) bus protocol in vehicles and suggested
anyone able to hack into the system could effectively control a company's
fleet of trucks, for example.

Recent Ransomware Attacks Put IoT Growth in Danger

In 2017, issues of CAN vulnerabilities have taken a backseat to more
pressing concerns such as ransomware. By its very nature, ransomware is a
type of malware that infects a network and encrypts data files until such
time that a ransom is paid to the attacker. According to expert breakdowns
of ransomware attacks, they take advantage of "human, system and network"
vulnerabilities. Based on this, IoT and its myriad of contrasting yet
connected devices is an obvious target. That would mean that it would be
physical devices and not digital files that criminals will be able to hold
hostage and render unusable until the ransom is paid.

Indeed, when WannaCry infected an estimated 200,000 computers across the
globe, it compromised the files of 50 NHS hospitals in the UK. As well as
highlighting the ever-present danger of ransomware, the 2017 attack called
into question the security provisions of a major organization such as the
NHS. According to 2015 report by MarketResearch.com, IoT is set to be worth
$117 billion in the healthcare sector alone. However, if one of the world's
leading healthcare providers can't protect itself from ransomware, that
calls into question IoT's place in the sector moving forward.

This threat seems possible to combat, though, and tech experts, academics
and even politicians are trying to take the necessary steps. As US senators
Cory Gardner and Steve Daines (Republicans) and Mark Warner and Ron Wyden
(Democrats), put forward their IoT security proposal in July 2017, they did
so with the intention of protecting IoT services used by the US government.
Citing "obvious market failure," the senators have taken guidance from
experts at the Atlantic Council and Harvard University in a bid to make the
government's IoT provisions more secure.

Legislation Makes IoT a More Attractive Investment

Under the proposal, all vendors supplying internet-connected devices to the
US government would have to be patchable, compliant with industry security
standards and have changeable passwords. Additionally, the bill would
expand legal protection for researchers carrying out "good faith" hacks in
order to better understand common IoT vulnerabilities. Although the
proposals are in their infancy, they are a clear indication of both the
need to secure IoT and, moreover, for the need to make it a more viable
technology for major organizations such as the US government. The proposed
legislation could set a precedent that could be followed across the private
sector; something which could then make IoT a more legitimate investment
opportunity.

Indeed, current estimates from researchers working with the senators
suggest that there could be as many as 30 million devices connected to the
internet by 2020. On top of this, IDC predicts that by 2020 IoT's value as
an industry could be as much as $7 trillion across the whole IT industry,
while a McKinsey Global Institute report estimated IoT could generate $11
trillion in economic value by 2025.

Whichever way you look at it, IoT and the connectedness of internet enabled
devices is only moving in one direction. As an investor, this is clearly
the market to be in, but only if security issues such as ransomware can be
addressed. Moves by the US government are an encouraging start, but more
will have to be done if we're to avoid some major cyber catastrophes. When
it comes to potential value, IoT is certainly a market tech investors
should be hot on right now. However, the industry as a whole must improve
if it wants to avoid burning these investors.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170810/242fc098/attachment.html>


More information about the BreachExchange mailing list