Security concerns and the benefits of 5G -- IoT and edge predictions for 2020
Internet of Things devices are now an accepted part of our home and business lives. They've led to increased focus on edge computing too thanks to the large volumes of data they generate, but what do industry experts think is going to happen in this sector in 2020?
Karl Sigler, threat intelligence manager at Trustwave SpiderLabs thinks the dev-security lifecycle will become the Achilles heel for IoT devices. "IoT devices are not getting any safer. With the huge influx of IoT devices in homes and organizations, the attack surface targeted by criminals is just getting larger and more diverse. Manufacturers and developers need to take the security reins. But today's IoT solutions are often missing security quality assurance during their product development lifecycle. High bandwidth, direct connections to the internet via 5G will increase the threat of Mirai-like botnets. These direct connections will also provide attackers the ability to bypass perimeter protections that are normally in place in homes and organizations. All manufacturers should add security vetting to their product development lifecycle, especially with the cloud and 5G in mind, to get IoT device security in check before the number of vulnerable devices in the market becomes overwhelming."
Mark Samuel, CEO of Ezlo Innovation, a global leader in the development of smart solutions for homes and businesses thinks, "All-in-one connected devices -- such as WiFi access points with smart speaker and hub capabilities -- are becoming more and more common. From a consumer convenience perspective, this seems to make sense -- however, it begs the question, who is this product best for? The consumer or the manufacturer? Brands like Amazon and Google building walled gardens further ecosystem lock-in and limit consumer choice causing frustration and confusion. Smart home devices should solve real problems and offer real value, not simply further a manufacturer's business goals."
Experts at Optiv Security believe that cybersecurity basics will continue to vex consumers and enterprise organizations when it comes to using devices. "Whether insufficient passwords, lack of education and training around phishing attacks, or simple upkeep and compliance, the tiny details of cybersecurity will continue to be the cause of a vast portion of compromises. Simple passwords (those without special characters or are extremely obvious, such as 'password123') only take minutes to crack by professional hackers and can be done inexpensively."
Jeff Clarke, Dell Technologies' chief operating officer and vice chairman thinks, "The 'Edge' continues to evolve -- with many working hard to define exactly what it is and where it exists. Once limited to the Internet of Things, it's hard to find any systems, applications, services -- people and places -- that aren't connected. The edge is emerging in many places and it’s going to expand with enterprise organizations leading the way, delivering the IT infrastructure to support it.
"5G connectivity is creating new use cases and possibilities for healthcare, financial services, education and industrial manufacturing. As a result, SD-WAN and software-defined networking solutions become a core thread of a holistic IT infrastructure solution -- ensuring massive data workloads can travel at speed -- securely -- between edge, core and cloud environments. Open networking solutions will prevail over proprietary as organizations recognize the only way to successfully manage and secure data for the long haul requires the flexibility and agility that only open software defined networking can deliver."
Mike Riemer, chief security architect at Pulse Secure believes regulatory requirements need to catch up to reduce IoT and IIoT device security exposure, "After years of haplessly watching technology race ahead of regulation, governments around the world have started to enact regulations to protect consumers and mitigate security risk. A big focus for 2020 will be the increase in regulatory requirements around IoT and IIOT devices as they proliferate in corporate networks and OT systems. When organizations do not know where a device is on their network, or who it is communicating with, that poses severe security risks. And, as more organizations adopt IoT and IIoT devices in the workforce, there need to be security policy and controls in place. In the United States, much of this regulatory reform has been spearheaded by the state of California, which recently passed SB-327, the first law to cover IoT devices. It will take effect January 1, 2020, and regulators around the world will certainly be watching to see how effective the legislation is at minimizing security risks from IoT devices. Since the regulatory laws often have a cascading effect, we can certainly expect to see similar bills appearing across the country and eventually at a federal level. Organizations will need to make sure they, or any third-party security vendors, are compliant to protect IoT devices and the information they contain."
The security of connected vehicles is a worry too, Frank Schneider, director of product management for CalAmp thinks, "IoT vulnerabilities are a definite area of concern in recent years. In 2019, we will see companies streamline and integrate data from additional sensors on to a single data stream to simplify data handling and security."
Mike Nelson, vice president of IoT security at DigiCert agrees, "We will see more public exploits on IoT devices that will cause regulators to strengthen their position on IoT security. More global governments will introduce IoT security regulation." Nelson also thinks, "We will see industries come together in an effort to create standards for securing IoT devices in their industry. These efforts will be an attempt to avoid regulation."
Soudip Roy Chowdhary, CEO, Eugenie.ai at Fractal Analytics thinks we're at a key point, "The world economy is going through a pivotal moment with the introduction of Industrial 4.0 and associated technologies. Artificial intelligence, the Industrial Internet of Things (IIoT), will continue to play an important role in this new revolution while associated technology, like 5G or blockchain, would act as catalysts for its wide adoption across different domains and functions."
Dave Weinstein, CSO of Claroty is concerned about the effects of 5G. "More things will be connected, which equals a greater attack surface, for example, smart cities and buildings are increasing in number. 5G connectivity will expose legacy systems in cities, enabling connections to new threats as well as an increase in new connected buildings and factories running off the same infrastructure. 5G is going to expand the scope of OT security in the same way as IT/OT convergence exposed manufacturing plants and factories to threats. 5G opens the aperture to common everyday use cases that affect the public at large."
Photo credit: asharkyu / Shutterstock