The only reason that there has not been a major IoT security breach is because the technology is not yet widely deployed but as interest in the technology grows so do the fears that more vulnerabilities will emerge.
Most discussions about the challenges around IoT have dwelt on the implications on infrastructure but the security industry is starting to talk more loudly about the risks os of allowing greater network connectivity.
Beecham Research has put together a IoT Security Threat Map, which shows that the number of different devices that are involved with supporting a move to wider internet connectivity increase the targets for a cyber attack.
Professor Jon Howes, technology director at Beecham Research, takes the view that once IoT is more widely adopted then it will become a natural and attractive target for attackers looking to tap into both consumer and enterprise environments.
“Traditional M2M (Machine to Machine) applications are typically very focused, using specific edge devices, a single network and custom platform, making it relatively easy for security professionals to secure to the acceptable level,” said Professor Howes.
“But the IoT cuts across different sectors and embraces multiple devices and networks - from satellite to cellular – along with a growing number of IoT platforms and Big Data systems, which present threats on many different levels and fronts. Wherever there is a new interface between devices, networks, platforms and users, there is the potential for a new weak link," he added.
One of the main problems is the absence of a united effort to try and improve security with little signs of a joined up approach being taken by the industry around tackling IoT vulnerabilities.
"We talk about the need for a deep Root of Trust in security and this is even more critical in a complex, connected IoT ecosystem,” said Howes. “This starts at device level with sensors and microcontrollers and continues through the networks, platforms and into the cloud. It’s a massive jigsaw and every piece has to deliver a level of trust to ensure end-to-end security and integrity.”