Top 10 IoT Security and Privacy Trends and Predictions for 2019

2018 was the year of realisation for all players in the IoT ecosystem, including consumers, that security cannot be neglected. This is especially the case for devices that gather and store personal data. Both data security and data privacy will take center stage in 2019. After GDPR, we expect the US will also introduce unified regulations to protect citizens’ data. India is also introducing similar legislation in its IDPR.

Advanced IoT security tools such as Blockchain and AI are capable of securing data at rest and data in flow respectively. However, 2019 will see a slow transition from traditional to advanced IoT security tools with a niche adoption rate.

We expect a significant increase in overall investment and capital expenses in IoT security industry towards securing IoT products, platforms, the cloud, and services.

The following are the top 10 trends and prediction of 2019 :

Threat Escalation in 2019

  • Collaboration and more partnership among hackers and cybercriminals: Hackers have been categorized into different groups such as traditional hackers, ideological hackers, state-sponsored attackers and hackers-for-hire. Going forward we expect these groups will start to overlap and eventually collaborate for ease of operation. Furthermore, we also expect to see some strategic alliances among these groups of hackers which will take advantage of each other’s products and services.
  • Attack-as-a-service (AaaS): Malware-as-a-service and Ransomware-as-a-service are not new concepts. Their adoption was very niche but highly successful. In 2019, we are expecting malware, specifically ransomware, to increasingly use the remote desktop protocol as an entry point for infection. Furthermore, hackers may create and sell pre-attack packages of malware, exploits, botnets, and other services, which will give cybercriminals the option to choose various off-the-shelf products. Irrespective of cybercriminal experience, they can easily launch attacks with these pre-attack packages.
  • ML as the next weapon: In the past few years, we have seen malware using evasion techniques to bypass machine learning engines. One of the recent examples from 2018 was Plucky ransomware that used InnoSetup to package the malware and avoid machine learning detection. Hence, bypassing the machine learning is already on the criminal to-do list. By the end of 2019, we expect hackers to leverage advanced machine learning tools to automate target selection by exploring and exploiting the vulnerabilities to find less secure systems.
  • Data theft is the new cash-cow for Hackers: 2018 had landmark examples for the biggest data breach in the history of mankind, such as Facebook (87+ Million), MyHeritage (92 Million), Under Armour (150 Million), and allegedly 1.1 Billon records from Aadhaar Program (India’s unique identity mission project). In the past few years, both the digital transformation and IoT has pushed more corporate and personal data to the cloud. In 2019, we expect a significant increase in data breaches, especially at the cloud level.
  • Smart home devices and edge devices will be more vulnerable to attack in 2019: Smart home devices are easy targets to attack and deploy ransomware as they record and store personal data and are, generally, less well protected. Furthermore, edge devices are equipped with limited resources, mostly running on elementary operating systems. Hence, these IoT edge devices are unable to provide any self-defence features, such as the creation of a secure zone to protect stored data and embedded software. Edge devices were found to be vulnerable to sync attacks, false data injection, passive attacks, and malicious nodes.

Security Solution to Secure IoT Ecosystem in 2019

Security Solution to Secure IoT Ecosystem in 2019

  • Collaboration and more partnerships among cybersecurity solution providers: Cyber Threat Alliance is one of the best examples of these collaborations that formed to improve the cybersecurity of the global digital ecosystem. These collaborations bring unique resources that bundle the talents and skills of IoT security companies to bring their best solutions together to create more concerted offerings that can not only fight back against malware and botnets but even learn and evolve.
  • Multi-factor authentication and device identity intelligence: Identity is a fundamental component in securing IoT. Secure identification between the device and human or vice versa was one of the past hurdles. Securing identity between device-to-device interactions and avoiding malicious duplicity is the key to securing IoT in 2019. The identity model has shifted from user-centric in traditional IT systems to machine-centric for IoT systems. Furthermore, multifactor authentication and identity intelligence by complementing each other will become the preferred methods to provide IoT security in 2019.
  • ML as Shield: In the last year, the adoption of machine learning in IoT security has increased significantly. Currently, machine learning solutions are often used to monitor activity and act if unusual behaviors are detected. Moreover, machine learning will not only process and analyse data much quicker than traditional tools but also will provide predictive analysis of threats and attacks. This means that breach detection times can be reduced significantly, minimizing the potential disruption. It also means that the information security team can prioritize work more effectively. However, the scope for AI will go beyond monitoring user activity on the system. AI as an IoT security tool will not reach its full potential in 2019, but its use will accelerate.

Security Embedded in MCU with Authentication at Every Level and at Every Layer

  • Chip to cloud, security embedded in hardware: We have already seen the adoption of IoT hardware security features such as a hardware security modules (HSM), Physical Unclonable Function (PUF) and TPM 2.0 (Trusted Platform Module). However, embedding security at the MCU-level to create a secure zone that can extend from the chip to the cloud level by integrating players from both ends of the IoT value chain was one of the most promising solutions. Security at the MCU-level will help solve cloning and counterfeit issues and will also establish secure authentication along with a unique identity. Semiconductor players like Microchip, NXP, Renesas, Cypress, STMicroelectronics, and Texas Instrument have already launched different versions of this product type.
  • Increasing demand for security personnel in governments and private sector: GDPR ensured that all organizations directly or indirectly involved with data management concerning EU citizens are obliged to comply with the regulations, irrespective of where they are based. This has created a ripple effect of demand for skilled security personnel among both government and private sector which, in turn, has resulted in increased organizational budgeting for staff and training on data protection. We expect this trend to multiply in 2019.
Counterpoint research is a young and fast growing research firm covering analysis of the tech industry. Coverage areas are connected devices, digital consumer goods, software & applications and other adjacent topics. We provide syndicated research reports as well as tailored. Our seminars and workshops for companies and institutions are popular and available on demand. Consulting and customized work on the above topics is provided for high precision projects.

Term of Use and Privacy Policy

Counterpoint Technology Market Research Limited


In order to access Counterpoint Technology Market Research Limited (Company or We hereafter) Web sites, you may be asked to complete a registration form. You are required to provide contact information which is used to enhance the user experience and determine whether you are a paid subscriber or not.
Personal Information When you register on we ask you for personal information. We use this information to provide you with the best advice and highest-quality service as well as with offers that we think are relevant to you. We may also contact you regarding a Web site problem or other customer service-related issues. We do not sell, share or rent personal information about you collected on Company Web sites.

How to unsubscribe and Termination

You may request to terminate your account or unsubscribe to any email subscriptions or mailing lists at any time. In accessing and using this Website, User agrees to comply with all applicable laws and agrees not to take any action that would compromise the security or viability of this Website. The Company may terminate User’s access to this Website at any time for any reason. The terms hereunder regarding Accuracy of Information and Third Party Rights shall survive termination.

Website Content and Copyright

This Website is the property of Counterpoint and is protected by international copyright law and conventions. We grant users the right to access and use the Website, so long as such use is for internal information purposes, and User does not alter, copy, disseminate, redistribute or republish any content or feature of this Website. User acknowledges that access to and use of this Website is subject to these TERMS OF USE and any expanded access or use must be approved in writing by the Company.
– Passwords are for user’s individual use
– Passwords may not be shared with others
– Users may not store documents in shared folders.
– Users may not redistribute documents to non-users unless otherwise stated in their contract terms.

Changes or Updates to the Website

The Company reserves the right to change, update or discontinue any aspect of this Website at any time without notice. Your continued use of the Website after any such change constitutes your agreement to these TERMS OF USE, as modified.
Accuracy of Information: While the information contained on this Website has been obtained from sources believed to be reliable, We disclaims all warranties as to the accuracy, completeness or adequacy of such information. User assumes sole responsibility for the use it makes of this Website to achieve his/her intended results.

Third Party Links: This Website may contain links to other third party websites, which are provided as additional resources for the convenience of Users. We do not endorse, sponsor or accept any responsibility for these third party websites, User agrees to direct any concerns relating to these third party websites to the relevant website administrator.

Cookies and Tracking

We may monitor how you use our Web sites. It is used solely for purposes of enabling us to provide you with a personalized Web site experience.
This data may also be used in the aggregate, to identify appropriate product offerings and subscription plans.
Cookies may be set in order to identify you and determine your access privileges. Cookies are simply identifiers. You have the ability to delete cookie files from your hard disk drive.