Almost half of companies still can’t detect IoT device breaches
15 January 2019
Gemalto can reveal that only around half (48 percent) of businesses can detect if any of their IoT devices suffers a breach. This comes despite companies having an increased focus on IoT security.
• Spending on protection has grown (from 11 percent of IoT budget in 2017 to 13 percent now);
• Nearly all (90 percent) believing it is a big consideration for customers; and
• Almost three times as many now see IoT security as an ethical responsibility (14 percent), compared to a year ago (4 percent)
With the number of connected devices set to top 20 billion by 2023, businesses must act quickly to ensure their IoT breach detection is as effective as possible.
Surveying 950 IT and business decision makers globally, Gemalto found that companies are calling on governments to intervene, with 79 percent asking for more robust guidelines on IoT security, and 59 percent seeking clarification on who is responsible for protecting IoT. Despite the fact that many governments have already enacted or announced the introduction of regulations specific to IoT security, most (95 percent) businesses believe there should be uniform regulations in place, a finding that is echoed by consumers. 95 percent expect IoT devices to be governed by security regulations.
“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Jason Hart, CTO, Data Protection at Gemalto. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”
Security remains a big challenge
With such a big task in hand, businesses are calling for governmental intervention because of the challenges they see in securing connected devices and IoT services. This is particularly mentioned for data privacy (38 percent) and the collection of large amounts of data (34 percent). Protecting an increasing amount of data is proving an issue, with only three in five (59 percent) of those using IoT and spending on IoT security, admitting they encrypt all of their data.
Consumers are clearly not impressed with the efforts of the IoT industry, with 62 percent believing security needs to improve. When it comes to the biggest areas of concern 54 percent fear a lack of privacy because of connected devices, followed closely by unauthorised parties like hackers controlling devices (51 percent) and lack of control over personal data (50 percent).
Blockchain gains pace as an IoT security tool
While the industry awaits regulation, it is seeking ways to address the issues itself, with blockchain emerging as a potential technology; adoption of blockchain has doubled from 9 percent to 19 percent in the last 12 months. What’s more, a quarter (23 percent) of respondents believe that blockchain technology would be an ideal solution to use for securing IoT devices, with 91 percent of organisations that don’t currently use the technology are likely to consider it in the future.
As blockchain technology finds its place in securing IoT devices, businesses continue to employ other methods to protect themselves against cybercriminals. The majority (71 percent) encrypt their data, while password protection (66 percent) and two factor authentication (38 percent) remain prominent.
Hart continues, “Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store. But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”
Web security company High-Tech Bridge's CEO Ilia Kolochenko says we may be being too optimistic. “I think the survey results are somewhat optimistic with almost a half of the European companies claiming to have IoT breach detection capacities. In my experience, less than 10 percent of European organisations have an up2date inventory of their IoT devices, let alone breach detection capacities. Shadow IoT, brought and implemented by employees, exacerbate the situation as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud.
“On the other hand, blockchain capacity to secure IoT is somewhat overestimated. Blockchain technology by definition has nothing to do with many popular attack vectors on IoT devices. GDPR's role is also questioned, as most of the careless IoT manufactures are located far beyond EU jurisdiction and do not care about any judicial decisions of European courts against them. Moreover, not every IoT is designed to store or process PII, thus making GDPR simply inapplicable.
“Uniform regulation of the IoT market is a Utopia amid current geopolitical tensions in the technology sector. Nonetheless, governmental regulation of secure-by-design IoT is certainly a good idea and probably is the only way to make the IoT market more reliable.”
Contact Details and Archive...