Large-scale IoT security breach coming in 2017, Forrester predicts

Large-scale IoT security breach coming in 2017, Forrester predicts

There will be a large-scale IoT security breach in 2017, says Forrester
Image credit: InfoWire.dk on flickr

There will be a large-scale IoT security breach next year, according to analyst firm Forrester, which gave its 2017 predictions for the IoT space in a report for CIOs released yesterday.

In the report, entitled Predictions 2017: Security and Skills Will Temper Growth of IoT, Forrester predicted that by next year, the Internet of Things (IoT) will be distributed across edge devices, gateways and cloud services, and that IoT solutions will be built on modern microservices and containers that work across this distributed architecture.

It believes that business value will be derived from IoT data as it couples with increasingly powerful AI and machine learning cloud services. “Watch for formalization of this architecture in 2017 from IoT software suppliers such as Bosch SI, GE, IBM, Sight Machine and Xively”.

Forrester also predicts that the first prototypes of smart contracts built on Blockchain will appear, but it emphasizes that these won’t move beyond experimentation and selective trials as developments in the area remain in their infancy.

Related: Microsoft bolts on new security features for Azure IoT

IoT security an accident waiting to happen

After the DDoS attack against cyber-security journalist Brian Krebs in September, there has been a huge focus on the security shortfalls of IoT devices – and Forrester believes the trend of hackers using IoT devices to promulgate DDoS attacks will continue in 2017.

In fact, they believe that the scale of IoT breaches is likely to become bigger.

“When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities such as Heartbleed, especially if multiple IoT solutions include the same open source component,” Forrester stated.

It added that the biggest targets would be the likes of fleet management in transportation, security and surveillance applications in government, inventory and warehouse management apps in retail, and industrial asset management in primary manufacturing – all areas where IoT adoption is rife.

Forrester believes that by next year, vendors will vie for IoT certification attention. “Major vendors like Cisco, IBM, Microsoft and others will invest heavily in low- or no-cost training and certifications while keeping the bar high to ensure that the certifications hold weight”.

Sanjay Parekh, co-founder of smart home security device provider Cocoon, believes the current lack of certification right now is a “problem for the industry”, and needs to be solved in order to accelerate adoption of IoT.

James Wickes, CEO and co-founder of Cloudview, says that he hopes the certification issue can be resolved next year, but he believes only the very large blue chip vendors will focus on certification.

“Many manufacturers of low cost IoT products such as IP cameras view security as an overhead, an expense that acts as an obstruction to sales and complicates technical support procedures. Hopefully, this will now quickly change and manufacturers will start to sell cyber-security as the vital added value feature that it surely is. I think that more should and could be done to protect consumers,” he said.

“For example, the BSI or other such organizations should consider a kite-mark scheme for IoT manufacturers to give users the assurance that the IoT products they are buying are secure,” he added.

Forrester expects 10 industrial vendors to jointly certify their IoT-enabled products with enterprise vendors in 2017, as Rockwell Automation has done with Cisco.

Parekh adds that as well as certifications, there should be IoT regulations put in place in a joint effort by government and industry.

The IoT smart home

The analyst group expects two new categories of smart home technology to jump to 10 per cent of homes in 2017; appliances that offer access to virtual assistants such as Amazon Echo, and smart camera systems such as Canary or Withings Home which combine cameras with sensors and features that enable monitoring family and home safety.

An issue with some IoT experiences is that Wi-Fi often fails to cover the whole house, and Forrester predicts that vendors will inherit some of the cost to ensure that the whole home has wireless coverage.

Related: Cloud Security Alliance issues guidelines on IoT security