IoT cybersecurity is a snowballing channel opportunity
By: Tara Seals
The Internet of Things (IoT) promises to revolutionize the way consumers and enterprises interact with hardware in their daily lives – making the connected world pervasive and in some ways, inescapable. Against this backdrop, cybersecurity has come to the forefront and offers channel partners a rich new vein of opportunity.
By 2020, there will be nearly 21 billion devices connected to the Internet, including smart refrigerators, water meters, wearables and even binoculars, according to IDC. And according to Spiceworks research, the presence of IoT devices in the workplace has already rapidly increased across the board in the last 18 to 24 months – with networks having to handle everything from connected video equipment to appliances, smartwatches to GoPros.
This state of affairs will make our all-digital lives that much more productive, collaborative and efficient (in theory), but there’s a significant downside. With so many connected things out there, the threat landscape will only widen.
After all, each connection is a potential portal into a consumer’s personal information, or an additional way into an enterprise network rich with competitive and personal information.
Further complicating things, IoT also means the interconnection of devices within the existing Internet infrastructure. So, everything is connected to the Internet but also to each other. As such, IoT is expected to offer advanced connectivity of devices, systems and services that goes beyond machine-to-machine communications (M2M) with a variety of protocols, domains and applications.
Bottom line: more connections and more portals for the bad guys to target.
An Escalating Threat Landscape
It’s not like the bad guys don’t already have plenty of targets: data breaches, put simply, have become the norm. In the healthcare vertical alone, a full 89 percent of organizations and 60 percent of their third-party business associates have experienced data breaches during the past two years, according to the Ponemon Institute. And 79 percent of healthcare organizations experienced multiple data breaches (two or more) in that time period – up 20 percent since 2010.
More than one-third, or 34 percent, of healthcare organizations experienced two to five breaches. And nearly half of healthcare organizations, or 45 percent, had more than five breaches.
Criminal attacks are the leading cause of data breaches in the vertical, up 5 percent to 50 percent this year. Medical records are the most commonly exposed data, followed by billing and insurance records, and payment details.
Critically, while the majority of breaches are small (under 500 records) and are not reported to the U.S. Department of Health and Human Services and the media, the financial impact is significant. Overall, breaches in healthcare are costing the industry a whopping $6.2 billion per year.
Unfortunately, businesses across the board, from retail to finance to SMBs and beyond, are facing similar statistics. And at the heart of their crisis is the fact that their internal resources simply can’t keep up with the risks.
Consider that as few as one in five (22 percent) of IT leaders believe their organization is “very well prepared” to identify and respond to cyber-attacks, according to research by Harvey Nash and KPMG. And 12 percent now believe their business is exposed in multiple areas.
IoT is already exacerbating the situation. For instance, the number of organizations connecting wearables to their networks has nearly doubled since 2014 – increasing from 13 percent to 24 percent, according to the research from Spiceworks. As such, wearables are expected to be the top source of security breaches among IoT devices in the near term (53 percent of respondents believe this). That’s followed by video equipment at 50 percent, physical security at 46 percent and appliances at 45 percent.
But most companies, despite awareness of potential threats, are doing little to create IoT security postures. Only one in three organizations is actively preparing for the impact IoT could have on their businesses.
The reasons for that lack of prep are myriad: 47 percent said the value of monitoring IoT devices is still unclear, but 38 percent said they lack the time and staffing resources. And 65 percent of respondents say skills shortages are preventing them from keeping up with the pace of change in technology.
“If you look at cyber, it is a multidimensional problem; it’s also unpredictable, intangible and constantly changing,” said George Quigley, cybersecurity partner at KPMG. “It’s a very complex area to try and get your head around. We’ve seen a lot of large and sophisticated organizations breached, so if you’re sitting in an organization that is not as large, not as sophisticated and doesn’t have the same sort of budgets and standing, then culturally you’re also going to have your confidence dented.”
(ISC)2 research shows that due to the predicted increase in demand for information security personnel outpacing the supply, a global cybersecurity workforce shortage will reach 1.5 million within five years. This is despite the fact that researchers Frost & Sullivan predict that the size of the global infosec workforce will actually increase by 6 percent within one year.
As it stands, 62 percent of (ISC)2 survey respondents – from a sample of nearly 14,000 qualified security professionals worldwide – report that their organizations have too few security professionals. Healthcare and education are the two verticals where the shortfall is most keenly felt – 76 percent of respondents from each of these sectors report being understaffed in terms of security.
Channel Opportunity Emerges
This endemic lack of internal cyber-resources opens the door to a big opportunity for channel partners.
“There’s undoubtedly a significant skills gap in cyber,” Quigley said. “There are challenges in terms of getting people with a cyber-mindset; what we’re finding is security companies having to invest time and money in training people. Across the industry we’re probably paying more than you would otherwise do in a normal functioning market because you’ve got to pay to retain people.”
It’s a ripe opportunity for channel partners to leap into this breach. IT distributor Tech Data in May launched its Security and Information Management business unit, which includes the company’s software and network security vendor portfolios, to its channel of solution providers throughout the Americas. The new business unit is strategically focused on customer enablement, reseller recruitment and onboarding new and emerging security vendor partners.
“As the number and complexity of cyber threats continue to increase, Tech Data is developing simplified ways for our solution providers to help their customers identify, protect against and respond to this rapidly evolving landscape,” said Brian Davis, the company’s senior vice president, U.S. marketing.
He added, “The cybersecurity market is expected to grow exponentially over the next several years, and we are well-positioned, both from a skills and scale perspective, to help our solution providers capitalize on market opportunities and proactively address their customers’ security concerns.”
That’s especially true in the IoT space. IoT represents a rich set of emerging applications, within which channel partners can find pent-up demand for smart security solutions. These include wearables, building and home automation, supply chain management, patient information management, energy and utilities management, customer information security, asset optimization, manufacturing process management, communication technology management and telematics.
For channel partners that invest in acquiring the right skill set, the revenue opportunities are staggering. Almost every cybersecurity vendor has a channel program; and the end-user demand is hockey-sticking.
In fact, MarketsandMarkets forecasts that the global IoT security market is expected to grow from $6.89 billion last year to a whopping $28.90 billion by 2020, at a compound annual growth rate of 33.2 percent. Further, North America is expected to be the largest market based on market size and technological advancement.
It should be noted that with the infiltration of modern malware, zeroday exploits and new advanced threats, traditional approaches to security will not succeed in the era of IoT. As a result, collective or shared threat intelligence will be a top priority for IoT security. At the same time, the solutions are myriad. They include information asset management, analytics, encryption, data loss protection (DLP), intrusion detection and prevention (IDS/IPS), distributed denial of service (DDoS) protection, vulnerability management, device management and others.
In addition to the software platforms, partners can offer a range of services: consulting services, managed services, risk assessment, and support and maintenance services.
Also, cloud-based security solutions are providing good opportunities for the growth of the IoT security market by minimizing implementation and maintenance costs, and organizations are shifting toward the deployment of cloud-based security solutions.
For channel partners, adding such IoT security profiles to their portfolios will go hand in hand with connectivity and solution sales, and the time to strike is now. A study from cybersecurity specialist Webroot found that businesses are really taking IoT seriously this year, with 87 percent of respondents saying they will be implementing IoT focused projects and strategies in 2016. And, 68 percent are expecting to see real, tangible paybacks from their investments. Offering security will be a critical piece of the picture.
About ChannelVision Magazine:
ChannelVision is a bi-monthly digital and print magazine, read by channel partners selling all manner of voice, data, access, managed and business services (both on premise and “in the cloud”), as well as, technology, gear, and equipment. ChannelVision is a highly focused and efficient way for service providers, hardware, and software companies to reach experienced channel partners targeting the small/medium business space. Serving a controlled circulation of providers and indirect distributors of communications, network, IT and cloud-based business services, ChannelVision is telecom’s gateway to perspective on how to adapt, what to sell, and how to sell it.