The estimated growth of devices connected to the Internet is staggering. By 2020 Cisco estimates that 99% of devices (50 billion) will be connected to the Internet. In contrast, currently only around 1% is connected today. The sheer numbers as well as the complexity of new types of devices will be problematic. Although traditional computing devices such as personal computers, tablets and smartphones will increase, it is the Internet of Things (IoT) which will grow significantly, to around 26 billion units. That represents nearly a 30-fold increase according to Gartner.
The industry is in a vicious fight protecting current platforms, such as PC’s from malware and compromise. New malware is generated at a mind boggling rate of ~200k unique samples each day. With the rise of smartphones and tablets, we are witnessing the fastest growth of malware in this sector and expect the complexity of attacks to increase. Security companies work tirelessly to keep up with the increasing pace.
But the wildcards to this equation will be the radical growth of IoT devices which have different architectures, software, and usages. Wearables, transportation, and smart appliances which will grow at an alarming rate. These represent challenges as they will differ greatly from familiar computers and longstanding security controls will need to be reworked or rethought entirely. The processes and tools currently in use by security organizations are not easily extensible to meet the new challenge. This will give attackers a diverse area to scrutinize for vulnerabilities and new opportunities to exploit for their gain.
Security resources across the industry are already stretched thin. It will be very difficult to adapt to the new scope, requiring new tools, expertise, and ways of thinking. The security industry is not giving up and throwing in the towel just yet, but the challenge they face is undeniable.
Product vendors can play an important role by designing and testing products with security in mind. Such hardening techniques can reinforce both hardware and software to deny attackers opportunities of compromise. Hardware features, software capabilities, and security services must be designed to work together for maximum effect. This holistic strategy is necessary to establish a common front of cooperative defenses. Security services must look ahead and begin adaptation to serve emerging form factors, supporting infrastructures, and user demands.
Perhaps most importantly, the everyday user must begin to take responsibility for their own security. Users have a tremendous amount of control over their security and can strongly influence the industry by demanding proper embedded controls. User behaviors must shift to more reasonable actions. Not every link must be clicked. Not every survey or request for personal information must be fulfilled. Not every application, including those from untrustworthy sources, must be installed. Socially, we must act with more discretion to protect our valuables.
Our world is changing quickly with the staggering increase of interconnected devices melding into cyberspace. The security risks rise equally as fast. We will face challenges, but it is up to all of us to determine how secure we will be.
Matthew Rosenquist is an information security strategist, with a passion for his chosen profession. Benefiting from nearly 20 years of experience in Fortune 100 corporations, he has thrived on establishing strategic organizations and capabilities which deliver cost effective information security services.
Find him on Linkedin
Follow him on Twitter (@Matt_Rosenquist)
Follow his blog at Information Security Strategy
Check out his previous posts and discussions