In my predictions for 2014, I renamed the Internet of Things as the “Internet of Vulnerabilities.” It’s not my intention to demonize the Internet of Things. We are going to see some amazing technology and real-world solutions brought forth by having so many devices attached to the Internet and it's exciting. But like many new technology trends before it, the implementation of the Internet of Things is rushing forward much faster than security issues are being thought through and addressed.
This is the nature of new trends - security is usually an afterthought. Companies are pushing forward quickly, trying to establish a market. They are thinking of how to meet customer needs, not their security. And no consumer buys into these new ideas because they are secure. They buy into them because they are new ideas.
So, in a well-known pattern, hardware and software will flood the market with no thought to security. It will take a major security incident involving one of these new “Things” before vendors begin to understand and address the security risks these new technologies enable. I expect to see these "incidents" begin in 2014 as the Internet of Things begins to be implemented in large numbers by consumers and businesses.
Vendors will respond and security will ultimately get designed in. Secure coding practices, pen testing and the like, will become part of their quality assurance process, just like it is today with PC software. Some of these “Things” may even get security products built for them. But like the PC software before it, these devices will always face product vulnerabilities discovered in "in-field" products. Vendors will have to devise ways to notify customers and perform in-field updates to protect these customers.
For PC software vendors, this is a well-understood process. They have been through this learning curve and the best companies have simple and safe ways to update products to protect against vulnerabilities and security risks. Symantec has understood this need since the 1990s, when it invented LiveUpdate, a process to update products in the field with the latest security technologies. The Internet of Things vendors will get there. But given how quickly and widely the Internet of Things will be adopted, we are in for a bumpy ride.