IoT security

Nearly 20% of organisations have experienced at least one IoT-based attack in the past three years, according to a survey conducted by global research company Gartner.

The research firm forecasts organisations will increase investments in IoT security to protect their networks and infrastructure.

In 2018 alone, spending on IoT security is expected to increase by 28% from 2017 levels, to reach $1.5 billion and $3.1 billion in 2021.

Ruggero Contu, research director at Gartner, said: "In IoT initiatives, organisations often don't have control over the source and nature of the software and hardware being utilised by smart connected devices.

"We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity..."

The professional services sector is expected to record the highest investment with $2 billion forecasted to be spent by 2021 followed by endpoint security ($631 million) and gateway security ($415 million).

"Interest is growing in improving automation in operational processes through the deployment of intelligent connected devices, such as sensors, robots and remote connectivity, often through cloud-based services.

"This innovation, often described as Industrial Internet of Things (IIoT) or Industry 4.0, is already impacting security in industry sectors deploying operational technology (OT), such as energy, oil and gas, transportation, and manufacturing," added Contu.

Regulatory compliance will drive an increase in IoT security adoption by 2021.

Despite year over year growth in global IoT security spending, Gartner says lack of prioritisation and implementation of IoT security best practices have hindered the market over the past years. Gartner predicts this will hinder potential spend on IoT security by 80% over the next few years.

“While basic security patterns have been revealed in many vertical projects, they have not yet been codified into policy or design templates to allow for consistent reuse. As a result, technical standards for specific IoT security components in the industry are only now  starting to be addressed across established IT security standards bodies, consortium organisations and vendor alliances,” reiterated Contu.