It’s just amazing how many IoT devices we use on a daily basis. In the morning, we wake up asking our Alexa device about the weather; while at work, we dispense foods to our lovely pets using Dogness smart pet feeders; after each workout, we check the calories burned using Fitbit. The list just goes on and on.

Nevertheless, this explosive growth in IoT devices is not limited to the consumer space. In fact, Gartner estimates that there will be 5.8 billion enterprise and automotive IoT endpoints by the end of 2020, which is a 21% increase from 2019. From simple remote payment terminals and asset monitoring equipment to smart building applications and predictive maintenance devices, IoT has become the center of enterprise and industrial organizations.

While Scale Asia Ventures undeniably welcomes the convenience and efficiency that these enterprise and industrial applications have brought, we are deeply concerned about the new security challenges these applications have created for enterprise and industrial organizations.

Factors that make enterprise and industrial IoT security particularly challenging includes:

1. Not all IoT devices were designed with security in mind and many are implemented without encrypted communications. Indeed, 98% of all IoT traffic is currently unencrypted.
2. There is a lack of visibility into both known and rogue IoT devices connecting to the network.
3. Traditional security tools and in-house skills are not adequate to protect IoT devices.
4. There is a lack of clear industry standards governing IoT devices.

Why We Think Security Is Key for Enterprise and Industrial IoT Devices

1. Security incidents involving enterprise and industrial IoT devices are becoming more prevalent and catastrophic.

According to a survey on 403 technology decision-makers conducted by Forrester Consulting in 2019, 67% of the surveyed organizations have experienced a security incident related to unmanaged or IoT devices. This figure was higher in another survey conducted by Irdeto in 2019, in which 82% of healthcare organizations, 79% of manufacturers, and 77% of connected transport organizations reported having at least one IoT-related security incident in the preceding 12 months.

Unlike security incidents in the consumer IoT world which often leads to just mere inconvenience, security breaches in enterprise and industrial organizations accompany catastrophic financial and operational consequences such as operational downtime, damage on the reputation, and compromise of data. In the abovementioned survey by Irdeto, 47% and 42% of the organization responded that the IoT device-related cyberattacks resulted in operational downtime and compromised customer data (keep in mind that the average cost of a data breach in the US is estimated to be $3.86 million). Probably the most well-known enterprise IoT related security breach is the Mirai botnet DDoS attack carried out via 600,000 vulnerable IoT devices. The attack created outages at Twitter, SoundCloud, Spotify, Shopify, and many other prominent online services and the damage is estimated to be upward of $100 Million.

2. Security is the bottleneck for IoT adoption in the enterprise and industrial world.

Security is cited as the number one reason enterprises and industrial organizations are currently forgoing the benefits of IoT devices. In a recent survey conducted by Omdia and IoT World Today, 85% of the respondents agreed that security concerns are a major barrier to IoT adoption. In similar research by Syniverse, 86% of the enterprises reported that IoT deployments have been delayed or constrained because of security concerns.

How large is the opportunity of securing IoT devices? According to the research by Bain & Company in 2017, enterprises and industrial organizations would on average buy 70% more IoT devices if they were secure. Taking this into account and the estimate provided by Gartner, there would really be 9.9 billion enterprise and automotive IoT endpoints by the end of 2020 rather than 5.8 billion if IoT security is addressed.

3. IoT security serves as the first line of defense in the edge computing era.

As IoT devices have increasingly moved to the mainstream of our personal, business, and industrial lives, there has been an ever-increasing need for lower network latency. While a few seconds of delay in response from your Alexa device might not be a huge problem other than a mere inconvenience, latency is everything for autonomous vehicles and surgical IoT devices. This need for lower latency gave birth to a new process: edge computing — a distributed computing paradigm that processes and stores data closer to where the data is generated. According to Grand View Research, the global edge computing market will explode to $43.4 billion by 2027 and Gartner predicts that 75% of enterprise-generated data (a significant portion of it from IoT devices) will be processed at the edge by 2025.

Edge computing creates an interesting security paradox. In design, edge computing is more secure and resilient than traditional cloud computing because of the reduced distance data has to travel and because of its distributed nature (a malicious event on an edge device would be less catastrophic than such event on a traditional cloud). However, edge computing also brings new security challenges because the increase in edge devices expand the surface for cybersecurity attacks and because there will be heightened communication (1) between IoT devices and edge devices, (2) between edge devices, and (3) between the edge device and the central cloud.

As IoT endpoints are at the starting point of the IoT-Edge-Cloud data chain, it would be imperative to secure the IoT devices and prevent hackers and attackers from utilizing them as the entrance to edge gateways.

The IoT Security Startup Landscape

Thankfully, there are 167 startup companies across the globe taking on the security challenges of enterprise and industrial IoT security and the number is growing every month.

‍