More and more gadgets are joining the Internet of Things, or IoT; the network of ‘smart’, internet-connected devices in the home and beyond. This encompasses everything from smart TVs and smart toasters to food-ordering fridges, self-driving cars and app-controlled lights, heating and locks. It’s estimated that in a matter of years it will be almost impossible to buy an electrical appliance that isn’t a smart online device.
But convenience and connectivity come at a cost – and thanks to the valuable data that IoT devices collect about their users, they’ve become tempting targets for cyberattacks, which can leave the whole home vulnerable. This could well be without you having any idea that it is happening.
Liviu Arsene, senior e-threat analyst at Bitdefender, explains: “Since these devices are usually connected to the same network as computers and smartphones, they have access to critical personal information such as biometric data.
“Attackers can use a vulnerable IoT to move laterally and infect other devices with ransomware or other malware, they can use smart cameras and baby monitors as surveillance equipment, and pretty much have access to everything in your home that’s internet connected.”
This could be the start-up idea for you as there certainly is a growing need to protect IoT devices.
Starting an IoT security business: Why it’s a good business idea
It’s estimated that in 3 years, 22.5 billion devices worldwide will be connected to the internet. Manufacturers without security expertise are getting in on the act quickly, often developing products which often end up unsecured. Profit is coming way ahead of security and this does not seem to be changing much up until now. IoT devices have easily guessable default passwords and unpatched operating systems that don’t update automatically – leaving an opportunity for tech entrepreneurs to provide these missing security measures themselves.
Following a whole host of heavily-publicised security breaches, these measures are in high demand as consumers wise up to the risks posed by their gadgets.
To name just two in recent history, when the world faced the consequences of an IoT attack on 12 May 2017, when WannaCry ransomware infected over 230,000 computers in more than 150 countries.
The devastating attack on up to 70,000 NHS devices – including MRI scanners, operating equipment, blood storage units and computers – were affected, with hospitals forced to refuse patients and divert ambulances in an incident reported on by major media outlets, including the BBC.
Thanks to this increasing public awareness, IDC estimates that global spending on IoT security will hit $547m this year – a staggering leap from 2016’s $348m – while Marketsandmarkets.com predicts that the IoT security market, already worth $6.6bn, will expand at a compounded annual growth rate of 34.4% per year to hit a whopping $29bn in 2022.
Clearly, IoT security is a potentially lucrative business sector, and funding is available for start-ups joining it – CloudPost Networks and MagicCube are just two start-up examples, the former of which raised $4m seed funding in June last year while the latter brought in an $8.5m Series A in August.
IoT security business opportunities
There are two start-up opportunities to be found in the burgeoning demand for IoT security: to develop an IoT device – or range of devices – that has water-tight security measures in place, or to build separate security products tailored to IoT devices.
When it comes to developing new IoT gadgets, potential can be found in the most unlikely of household objects – just look at Kolibree’s smart toothbrush Ara, which collects data on brushing habits and uses AI to provide feedback, or the HiMirror Plus, a smart mirror which assesses its user’s skin and recommends tailored skincare routines.
Whatever you opt to develop, all IoT devices are complex and require a multi-faceted approach to truly protect them. As a basic starting point, load your device with the latest firmware and security patches and ensure that it includes the mechanisms necessary to search for updates and carry these out regularly – this is crucial if the device is to continuously stay ahead of emerging threats and vulnerabilities, and a capability that a great number of current IoT gadgets lack.
Make it compulsory for users to set up their own unique login details, and set rules for password strength. Suggest that they connect the device to a separate network to the one their computers and phones are on – most routers allow guest networks which can be used for this.
If developing security products and services for pre-existing IoT devices appeals more to you, the first step is to decide whether you’d like to offer all-encompassing solutions or focus on a niche area of the IoT – and whether you’d like to offer your product to homes, businesses or both.
Israel-based start-up Argus Cyber Security, for example, specifically protects smart cars from cyberattacks, while Dojo-Labs has created a product which monitors a home’s network and all its connected devices to protect them from unauthorised access. Meanwhile CyberX’s XSense platform gives businesses in manufacturing, energy, water, chemical and transport industries a dashboard which reveals IoT security threats in real-time.
It’s worth remembering that products such as remote door locks, internet-enabled children’s toys, connected medical equipment, and devices which boast cameras or microphones tend to call most urgently for security against cybercriminals – so these could be worthwhile routes to explore, whether you’re designing something to protect them or developing new, more secure versions of them.