These IoT Pros Will Keep Your Products and Service Secure

With the right, multifaceted security plans in place and people with key security skills to help construct them, businesses can successfully mitigate IoT security risks.
Published: September 12, 2016

The Internet of Things isn’t just catching on—it’s full steam ahead. Last year, 64 percent of businesses Gartner surveyed said they were planning to implement IoT solutions. This is creating an arms race to establish the secure, scalable systems to support these projects.

“Secure” is the operative word here. IoT projects need to be more than protected—they must be air-tight. McKinsey estimates that the cost of ineffective cybersecurity will reach $3 trillion by 2020. Given that the number of connected devices is predicted to reach 20.8 billion by 2020, the need for IoT security is at an all-time high. All of these factors are creating an atmosphere of hesitation around IoT adoption.

To mitigate these mounting privacy concerns, companies are increasing their security investments. IoT security spending is expected to reach $348 million in 2016. Companies of all sizes are investing in specialized talent to help tackle these security concerns head-on. So what types of professionals are needed to support the many facets of IoT security? Here are four of them.

IoT developers to program secure device software and encrypt sensitive customer data
At the device level, IoT ecosystems can be vulnerable to attacks due to insufficient wireless protocols and insecure device firmware. A 2014 study by Hewlett-Packard found that 70 percent of IoT devices were vulnerable to an attack. Each of the ten most popular IoT devices tested had on average of 25 vulnerabilities, ranging from issues like insufficient authorization or authentication and lack of encryption to insecure web interfaces.

Whether it’s a mobile point-of-service system or an off-the-shelf smart appliance, embedded IoT software and wireless connections have to be protected. Otherwise, you risk bringing devices to market that are so riddled with vulnerabilities that sensitive customer data could be transferred or accessed by nefarious parties.

The interfaces that consumers and businesses use to access IoT devices need to be secure as well. Software frameworks with a focus on security are in demand, like Spring Security, a Java framework known for excellent built-in authentication and authorization measures.

Security engineers to upgrade IT infrastructures
It’s not just consumers who are at risk. As hacking via IoT networks grows more common, businesses will need secure systems and the people to audit them regularly. Infrastructures must be as close to fail-proof as possible, with comprehensive plans in place to ward off threats. This is driving a demand for security infrastructure professionals (up 194 percent*), security engineering experts (up 124 percent*), and network security experts, a field showing 46 percent* growth. Security engineering will be particularly important as IoT interfaces often require strict authentication and permissions schemes for multiple users. Demand for firewall development has jumped by 71 percent*, an important network security measure that helps block data interceptions and unauthorized access to a server.

Internet security pros to lock down the transport of sensitive data
What about all the IoT data? When it’s sensitive information, like financial or medical data, businesses need to implement sufficient authentication and secure communication channels between everything and the cloud. Even the most innocuous data can be dangerous, whether it’s user credentials to gain access to a network, or information that adds a level of legitimacy to a phishing campaign.

The internet itself is considered an unsecured network, but the IoT leans heavily on it. Internet security skills jumped by 11 percent* recently. This field includes encryption, data-transfer protection, network security and browser security, which are important to safeguard the IoT’s web-based interfaces.

Vulnerability assessment and security analysts to create holistic, preventative plans of attack
Before rushing an IoT project to market, every business should take a thorough approach to identifying potential security threats, assessing every angle of the IoT for vulnerabilities before a layered plan is created.

Click on the above image to view a larger version.

Penetration testing of an IoT ecosystem—which involves deliberately probing networks for weaknesses—should be conducted prior to going to market. Once vulnerabilities are detected and ranked for risk level, any countermeasures for these attacks can also be tested for efficacy.

IoT security is no longer an afterthought, and the security analysis field has grown by 32 percent* to meet this demand. Vulnerability assessment has seen a 33 percent* jump, and these professionals are going to be key players in identifying potential IoT security problems and heading them off with “protect, detect, and react” security plans.

Closing the IoT security gap
It’s time to close the security gap, because there’s no slowing down where the IoT is concerned. With the right approach to security, businesses can successfully mitigate IoT security risks while also benefiting from the productivity, efficiencies, and unprecedented learning this industry can yield.

*Data is sourced from the Upwork database and is based on annual job growth—specifically, on the number of jobs posted on Upwork from October 2014 to December 2015.

Ryan Johnson is the categories director at Upwork, where he leads a team of category managers responsible for developing growth initiatives for the marketplace work categories, including information technology, sales and marketing, design and creative, and administrative and customer support. Johnson has held senior product-management positions at Upwork and other tech companies. He holds a Bachelor of Science degree in decision sciences and management-information systems from George Mason University.