As cyberattacks against the enterprise continue to escalate, threat actors will find any open channel possible to compromise a network.
Unpatched PCs, outdated mobile devices, and IoT products are only some of the targets that hackers will utilize to breach security.
As we have seen through cases such as the Mirai botnet, Internet of Things (IoT) devices -- including smart lighting, intelligent office products, and security systems -- are often limping behind when it comes to acceptable security standards.
Hard-coded credentials, lax passwords, and old firmware that is susceptible to exploitation are a headache for businesses and consumers alike, as it only takes one vulnerable connected device to expose a supply chain or network to attack.
In light of these problems, enterprises -- 20 percent of which are estimated to have witnessed at least one IoT-based attack in the past three years -- are set to increase budgets to prevent IoT-based attacks.
On Wednesday, Gartner said worldwide spending on IoT security is set to rise to $1.5 billion in 2018, an increase of 28 percent from an estimated $1.2 billion spend in 2017.
The research firm's survey, originally compiled by CEB, also adds that IoT security spending is expected to reach $3.1 billion by 2021.
According to Ruggero Contu, research director at Gartner, organizations do not currently have "control over the source and nature of the software and hardware being utilized by smart connected devices," and this will push investment further.
Perimeter security solutions, monitors, and potentially the use of artificial intelligence (AI) and machine learning (ML) software may be able to cast a protective net over smart, connected devices, which are likely to increase in number and variety over the coming years.
However, Gartner also suggests that through 2020, a lack of best practices and tools in the implementation of IoT will hamper the potential spend on IoT security by 80 percent.
"Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed," says Contu. "However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc."
Regulation is also expected to play a part in future IoT investment decisions. Data protection is being taken more seriously across the globe -- with the EU's General Data Protection Regulation (GDPR) soon to come into effect -- and IoT devices are not exempt from regulatory concern.
While basic standards and protocols for smart, connected devices are still fragmented and no substantial rules have been adopted at a minimum level, industry-wide technical standards are expected to come into force in the coming years, driven in part by heavily regulated industries such as the industrial sector and healthcare.
"Interest is growing in improving automation in operational processes through the deployment of intelligent connected devices, such as sensors, robots and remote connectivity, often through cloud-based services," Contu added. "This innovation, often described as Industrial Internet of Things or Industry 4.0, is already impacting security in industry sectors deploying operational technology, such as energy, oil and gas, transportation, and manufacturing."